Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-66516 (GCVE-0-2025-66516)
Vulnerability from cvelistv5 – Published: 2025-12-04 16:17 – Updated: 2026-01-15 04:56
VLAI?
EPSS
Title
Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected
Summary
Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.
This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways.
First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.
Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.
Severity ?
8.4 (High)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Apache Software Foundation | Apache Tika core |
Affected:
1.13 , ≤ 3.2.1
(semver)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66516",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T04:56:01.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.tika:tika-core",
"product": "Apache Tika core",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.2.1",
"status": "affected",
"version": "1.13",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.tika:tika-parsers",
"product": "Apache Tika parsers",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "1.13",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.tika:tika-parser-pdf-module",
"product": "Apache Tika PDF parser module",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.2.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \u003cbr\u003e\u003cbr\u003eThis CVE covers the same vulnerability as in\u0026nbsp;CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \u003cbr\u003e\u003cbr\u003eFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to \u0026gt;= 3.2.2 would still be vulnerable. \u003cbr\u003e\u003cbr\u003eSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \"org.apache.tika:tika-parsers\" module."
}
],
"value": "Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \n\nThis CVE covers the same vulnerability as in\u00a0CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \n\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to \u003e= 3.2.2 would still be vulnerable. \n\nSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \"org.apache.tika:tika-parsers\" module."
}
],
"metrics": [
{
"other": {
"content": {
"text": "critical"
},
"type": "Textual description of severity"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T16:12:37.859Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k"
},
{
"tags": [
"related"
],
"url": "https://cve.org/CVERecord?id=CVE-2025-54988"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-66516",
"datePublished": "2025-12-04T16:17:24.980Z",
"dateReserved": "2025-12-03T23:11:17.441Z",
"dateUpdated": "2026-01-15T04:56:01.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-66516\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-12-04T17:15:57.120\",\"lastModified\":\"2025-12-30T16:15:46.230\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \\n\\nThis CVE covers the same vulnerability as in\u00a0CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \\n\\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to \u003e= 3.2.2 would still be vulnerable. \\n\\nSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \\\"org.apache.tika:tika-parsers\\\" module.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.13\",\"versionEndExcluding\":\"3.2.2\",\"matchCriteriaId\":\"06E31452-81F9-4B50-A6E1-EE8FE3E148BD\"}]}]}],\"references\":[{\"url\":\"https://cve.org/CVERecord?id=CVE-2025-54988\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-66516\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-05T18:26:33.915381Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-05T18:26:41.700Z\"}}], \"cna\": {\"title\": \"Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"critical\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tika core\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.2.1\"}], \"packageName\": \"org.apache.tika:tika-core\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tika parsers\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.13\", \"lessThan\": \"2.0.0\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.tika:tika-parsers\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tika PDF parser module\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.2.1\"}], \"packageName\": \"org.apache.tika:tika-parser-pdf-module\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://cve.org/CVERecord?id=CVE-2025-54988\", \"tags\": [\"related\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \\n\\nThis CVE covers the same vulnerability as in\\u00a0CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \\n\\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to \u003e= 3.2.2 would still be vulnerable. \\n\\nSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \\\"org.apache.tika:tika-parsers\\\" module.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \u003cbr\u003e\u003cbr\u003eThis CVE covers the same vulnerability as in\u0026nbsp;CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \u003cbr\u003e\u003cbr\u003eFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to \u0026gt;= 3.2.2 would still be vulnerable. \u003cbr\u003e\u003cbr\u003eSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \\\"org.apache.tika:tika-parsers\\\" module.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-611\", \"description\": \"CWE-611 Improper Restriction of XML External Entity Reference\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-12-30T16:12:37.859Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-66516\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-15T04:56:01.082Z\", \"dateReserved\": \"2025-12-03T23:11:17.441Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-12-04T16:17:24.980Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0071
Vulnerability from certfr_avis - Published: 2026-01-21 - Updated: 2026-01-21
De multiples vulnérabilités ont été découvertes dans Oracle PeopleSoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | PeopleSoft | PeopleSoft Enterprise HCM Human Resources version 9.2 | ||
| Oracle | PeopleSoft | PeopleSoft Enterprise PeopleTools versions 8.60 à 8.62 | ||
| Oracle | PeopleSoft | PeopleSoft Enterprise SCM Purchasing version 9.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PeopleSoft Enterprise HCM Human Resources version 9.2",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise PeopleTools versions 8.60 \u00e0 8.62",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise SCM Purchasing version 9.2",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2026-21961",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21961"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2025-27209",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27209"
},
{
"name": "CVE-2026-21971",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21971"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2026-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21938"
},
{
"name": "CVE-2026-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21934"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2026-21951",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21951"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
}
],
"initial_release_date": "2026-01-21T00:00:00",
"last_revision_date": "2026-01-21T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0071",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle PeopleSoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle PeopleSoft",
"vendor_advisories": [
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle PeopleSoft cpujan2026",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
]
}
CERTFR-2026-AVI-0065
Vulnerability from certfr_avis - Published: 2026-01-21 - Updated: 2026-01-21
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Software Server versions 11.3.x antérieures à 11.3.0 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.31 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 5.12.29 | ||
| Atlassian | Jira | Jira Service Management Server versions 11.x antérieures à 11.2.1 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 11.x antérieures à 11.2.1 | ||
| Atlassian | Jira | Jira Software Data Center versions 11.2.x antérieures à 11.2.1 | ||
| Atlassian | Jira | Jira Software Server versions 11.2.x antérieures à 11.2.1 | ||
| Atlassian | Jira | Jira Software Data Center versions 10.x antérieures à 10.3.16 | ||
| Atlassian | Jira | Jira Service Management Server versions 10.x antérieures à 10.3.16 | ||
| Atlassian | Jira | Jira Service Management Server versions 11.3.x antérieures à 11.3.0 | ||
| Atlassian | Confluence | Confluence Server versions 9.x antérieures à 9.2.13 | ||
| Atlassian | Confluence | Confluence Data Center versions 10.x antérieures à 10.2.2 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.26 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 11.3.x antérieures à 11.3.1 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.31 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.26 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.x antérieures à 9.2.13 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 10.x antérieures à 10.3.16 | ||
| Atlassian | Jira | Jira Software Server versions 10.x antérieures à 10.3.16 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 5.12.29 | ||
| Atlassian | Jira | Jira Software Data Center versions 11.3.x antérieures à 11.3.0 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Software Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.31",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.29",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 11.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 11.2.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 11.2.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 10.x ant\u00e9rieures \u00e0 10.3.16",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 10.x ant\u00e9rieures \u00e0 10.3.16",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions 9.x ant\u00e9rieures \u00e0 9.2.13",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 10.x ant\u00e9rieures \u00e0 10.2.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.31",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.x ant\u00e9rieures \u00e0 9.2.13",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 10.x ant\u00e9rieures \u00e0 10.3.16",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions 10.x ant\u00e9rieures \u00e0 10.3.16",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.29",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2021-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-53689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53689"
}
],
"initial_release_date": "2026-01-21T00:00:00",
"last_revision_date": "2026-01-21T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0065",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26667",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26667"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16497",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16497"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16496",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16496"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101827",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101827"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26665",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26665"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16485",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16485"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26661",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26661"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16491",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16491"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101878",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101878"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16501",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16501"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26663",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26663"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16503",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16503"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26662",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26662"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16459",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16459"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26654",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26654"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26656",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26656"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101872",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101872"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16502",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16502"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101842",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101842"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16499",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16499"
},
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16465",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16465"
}
]
}
CERTFR-2025-AVI-1100
Vulnerability from certfr_avis - Published: 2025-12-12 - Updated: 2025-12-12
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Software Data Center et Server versions 9.12.x antérieures à 9.12.30 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 10.3.x antérieures à 10.3.15 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 9.5.x antérieures à 9.5.2 | ||
| Atlassian | Jira | Jira Service Management Data Center et Server versions 11.x antérieures à 11.2.1 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 10.0.x antérieures à 10.0.2 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 8.5.x antérieures à 8.5.30 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 10.1.x antérieures à 10.1.0 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 9.2.x antérieures à 9.2.12 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 9.3.x antérieures à 9.3.1 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 9.4.x antérieures à 9.4.0 | ||
| Atlassian | Jira | Jira Service Management Data Center et Server versions 10.3.x antérieures à 10.3.15 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 11.x antérieures à 11.2.1 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 10.2.x antérieures à 10.2.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Software Data Center et Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.30",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.15",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center et Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.30",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.12",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.3.x ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.15",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 10.2.x ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-39227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39227"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"name": "CVE-2016-1181",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1181"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2023-49735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49735"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2016-1182",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1182"
}
],
"initial_release_date": "2025-12-12T00:00:00",
"last_revision_date": "2025-12-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1100",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16469",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16469"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26599",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26599"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101574",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101574"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26636",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26636"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26600",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26600"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16461",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16461"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16478",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16478"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26614",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26614"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16458",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16458"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26630",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26630"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26627",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26627"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26634",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26634"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16466",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16466"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101788",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101788"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101478",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101478"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101573",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101573"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16477",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16477"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26635",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26635"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16470",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16470"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26629",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26629"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16479",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16479"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26625",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26625"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26626",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26626"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101575",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101575"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16462",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16462"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101489",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101489"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26619",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26619"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16456",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16456"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26615",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26615"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26628",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26628"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16480",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16480"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26620",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26620"
}
]
}
CERTFR-2025-AVI-1100
Vulnerability from certfr_avis - Published: 2025-12-12 - Updated: 2025-12-12
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Software Data Center et Server versions 9.12.x antérieures à 9.12.30 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 10.3.x antérieures à 10.3.15 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 9.5.x antérieures à 9.5.2 | ||
| Atlassian | Jira | Jira Service Management Data Center et Server versions 11.x antérieures à 11.2.1 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 10.0.x antérieures à 10.0.2 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 8.5.x antérieures à 8.5.30 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 10.1.x antérieures à 10.1.0 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 9.2.x antérieures à 9.2.12 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 9.3.x antérieures à 9.3.1 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 9.4.x antérieures à 9.4.0 | ||
| Atlassian | Jira | Jira Service Management Data Center et Server versions 10.3.x antérieures à 10.3.15 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 11.x antérieures à 11.2.1 | ||
| Atlassian | Confluence | Confluence Data Center et Server versions 10.2.x antérieures à 10.2.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Software Data Center et Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.30",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.15",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center et Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.30",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.12",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.3.x ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.15",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 10.2.x ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-39227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39227"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"name": "CVE-2016-1181",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1181"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2023-49735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49735"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2016-1182",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1182"
}
],
"initial_release_date": "2025-12-12T00:00:00",
"last_revision_date": "2025-12-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1100",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16469",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16469"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26599",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26599"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101574",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101574"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26636",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26636"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26600",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26600"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16461",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16461"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16478",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16478"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26614",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26614"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16458",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16458"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26630",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26630"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26627",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26627"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26634",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26634"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16466",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16466"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101788",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101788"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101478",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101478"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101573",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101573"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16477",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16477"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26635",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26635"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16470",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16470"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26629",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26629"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16479",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16479"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26625",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26625"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26626",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26626"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101575",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101575"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16462",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16462"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101489",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101489"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26619",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26619"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16456",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16456"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26615",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26615"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26628",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26628"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16480",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16480"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26620",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26620"
}
]
}
NCSC-2026-0022
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:25 - Updated: 2026-01-21 09:25Summary
Kwetsbaarheden verholpen in Oracle Communications producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Oracle Communications producten.
Interpretaties
De kwetsbaarheden stellen aanvallers in staat om ongeautoriseerde toegang te krijgen tot het systeem, wat kan leiden tot gegevensmanipulatie en gedeeltelijke denial-of-service. De aanvallers kunnen deze kwetsbaarheden misbruiken via HTTP-verzoeken, wat mogelijk resulteert in een significante impact op de beschikbaarheid en integriteit van de gegevens.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-863
Incorrect Authorization
CWE-937
CWE-937
CWE-1035
CWE-1035
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-20
Improper Input Validation
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-116
Improper Encoding or Escaping of Output
CWE-121
Stack-based Buffer Overflow
CWE-122
Heap-based Buffer Overflow
CWE-123
Write-what-where Condition
CWE-125
Out-of-bounds Read
CWE-126
Buffer Over-read
CWE-201
Insertion of Sensitive Information Into Sent Data
CWE-209
Generation of Error Message Containing Sensitive Information
CWE-252
Unchecked Return Value
CWE-284
Improper Access Control
CWE-285
Improper Authorization
CWE-295
Improper Certificate Validation
CWE-297
Improper Validation of Certificate with Host Mismatch
CWE-393
Return of Wrong Status Code
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-407
Inefficient Algorithmic Complexity
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CWE-415
Double Free
CWE-416
Use After Free
CWE-611
Improper Restriction of XML External Entity Reference
CWE-674
Uncontrolled Recursion
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-789
Memory Allocation with Excessive Size Value
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Communications producten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen aanvallers in staat om ongeautoriseerde toegang te krijgen tot het systeem, wat kan leiden tot gegevensmanipulatie en gedeeltelijke denial-of-service. De aanvallers kunnen deze kwetsbaarheden misbruiken via HTTP-verzoeken, wat mogelijk resulteert in een significante impact op de beschikbaarheid en integriteit van de gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "general",
"text": "Return of Wrong Status Code",
"title": "CWE-393"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications producten",
"tracking": {
"current_release_date": "2026-01-21T09:25:39.876330Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0022",
"initial_release_date": "2026-01-21T09:25:39.876330Z",
"revision_history": [
{
"date": "2026-01-21T09:25:39.876330Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Communications"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Cloud Native Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Communications ASAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Communications BRM - Elastic Charging Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Communications Billing and Revenue Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Communications Element Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Communications IP Service Activator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Analytics Data Director"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Integrity"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Communications Operations Monitor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Communications Order and Service Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Communications Policy Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Communications Pricing Design Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Report Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Assurance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Inventory Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Communications Broker"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Communications products and GNU libtasn1 versions could allow unauthenticated attackers to execute partial denial of service attacks, with CVSS scores of 5.3 for affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-46901",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Subversion, including denial-of-service risks and insufficient filename validation, highlight critical security concerns across multiple versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-46901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-46901.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2024-46901"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across MySQL Workbench, Oracle Communications Policy Management, and libssh expose sensitive data and integrity risks, with CVSS scores of 5.4 and moderate severity for certain libssh flaws.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5987",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"notes": [
{
"category": "other",
"text": "Return of Wrong Status Code",
"title": "CWE-393"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Communications products and libssh could allow low privileged attackers to manipulate data, disclose sensitive information, or cause system disruptions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5987 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5987.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5987"
},
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8194 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8194.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-8194"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various products, including Bouncy Castle for Java, Oracle Communications, and Siebel CRM, allowing for excessive resource allocation and potential denial of service by unauthenticated attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9900",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"notes": [
{
"category": "other",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Policy Management and Libtiff, including a critical flaw in Libtiff allowing memory manipulation, pose significant risks to system integrity and confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9900 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-9900"
},
{
"cve": "CVE-2025-25193",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates reveal critical vulnerabilities in Netty and various Oracle products, primarily leading to denial of service risks due to unsafe file handling and low privilege exploitability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25193 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25193.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-25193"
},
{
"cve": "CVE-2025-26333",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "description",
"text": "Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26333 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26333.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-26333"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow unauthenticated attackers to exploit denial of service (DoS) conditions through various network access methods, affecting several versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-32988",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Cloud Native Session Border Controller, Oracle Communications Unified Inventory Management, and GnuTLS, allowing for denial of service and unauthorized data access or modification.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-32988"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications products and GnuTLS\u0027s certtool utility expose systems to denial-of-service and unauthorized data access, with CVSS scores of 8.2 for Oracle and critical heap buffer overflow issues in GnuTLS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-32990"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-46727",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Recent vulnerabilities in Rack and Oracle Communications Unified Assurance allow denial of service through unbounded parameter parsing and unauthenticated HTTP requests, affecting multiple versions and leading to potential memory exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46727 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46727.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-46727"
},
{
"cve": "CVE-2025-48060",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Cloud Native Session Border Controller and the jq command-line JSON processor expose systems to denial of service attacks, with significant severity ratings.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48060 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48060.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48060"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-49844",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Redis versions 8.2.1 and below, along with valkey version 8.0.6, have vulnerabilities in the Lua scripting engine that can lead to remote code execution, with fixes available in newer versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49844 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49844.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-49844"
},
{
"cve": "CVE-2025-54571",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54571 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-54571"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities across various products, including the `BrotliDecoder`, Oracle Communications Cloud Native Core Policy, and HPE Telco Intelligent Assurance, can lead to denial of service (DoS) through excessive resource allocation or malformed inputs.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-58098",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions prior to 2.4.66 expose systems to unauthorized access and denial of service risks, with CVSS scores indicating moderate severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58098 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58098.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-58098"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-64718",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "description",
"text": "Vulnerabilities in js-yaml and Oracle Communications Unified Assurance products allow for prototype pollution and system compromise, respectively, with specific versions affected and available patches.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-64718 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64718.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-64718"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65018 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65018.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66418 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66418.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-66418"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle\u0027s Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-68161"
}
]
}
NCSC-2026-0023
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:27 - Updated: 2026-01-21 09:27Summary
Kwetsbaarheden verholpen in Oracle PeopleSoft
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Oracle PeopleSoft.
Interpretaties
De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en deze te wijzigen. Dit kan leiden tot ongeautoriseerde toegang en aanpassingen aan kritieke data, met CVSS-scores variërend van 5.4 tot 10.0, wat wijst op een gematigd tot significant risico voor de vertrouwelijkheid en integriteit van de gegevens.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-125
Out-of-bounds Read
CWE-197
Numeric Truncation Error
CWE-611
Improper Restriction of XML External Entity Reference
CWE-674
Uncontrolled Recursion
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-937
CWE-937
CWE-1035
CWE-1035
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle PeopleSoft.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en deze te wijzigen. Dit kan leiden tot ongeautoriseerde toegang en aanpassingen aan kritieke data, met CVSS-scores vari\u00ebrend van 5.4 tot 10.0, wat wijst op een gematigd tot significant risico voor de vertrouwelijkheid en integriteit van de gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle PeopleSoft",
"tracking": {
"current_release_date": "2026-01-21T09:27:58.715578Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0023",
"initial_release_date": "2026-01-21T09:27:58.715578Z",
"revision_history": [
{
"date": "2026-01-21T09:27:58.715578Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "PeopleSoft"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise HCM Human Resources"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise PeopleTools"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise SCM Purchasing"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and Siebel CRM allow unauthenticated access, while SQLite versions prior to 3.50.2 face memory corruption risks and other security issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9230 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9230.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-27210",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle JD Edwards and Node.js expose critical data and sensitive information, with CVSS scores indicating significant risk, particularly for Windows users and specific device names.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27210 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-27210"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2026-21934",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Push Notifications component affects versions 8.60, 8.61, and 8.62, allowing low-privileged attackers to exploit it via HTTP, potentially leading to unauthorized data access and modifications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21934 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21934.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21934"
},
{
"cve": "CVE-2026-21938",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system via HTTP, posing significant risks to data confidentiality and integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21938 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21938.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21938"
},
{
"cve": "CVE-2026-21951",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Integration Broker component (versions 8.60, 8.61, 8.62) allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21951 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21951.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21951"
},
{
"cve": "CVE-2026-21961",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise HCM Human Resources product (version 9.2) allows unauthenticated attackers to compromise the system, with a CVSS score of 6.1 indicating risks to confidentiality and integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21961 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21961"
},
{
"cve": "CVE-2026-21971",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing 9.2 allows low-privileged attackers to compromise the system, potentially leading to unauthorized data access and modifications, with a CVSS score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21971 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21971.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-21971"
}
]
}
NCSC-2026-0027
Vulnerability from csaf_ncscnl - Published: 2026-01-21 10:08 - Updated: 2026-01-21 10:08Summary
Kwetsbaarheden verholpen in Oracle Fusion Middleware
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle HTTP Server, Oracle WebLogic Server, en Oracle Fusion Middleware.
Interpretaties
De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens, Denial-of-Service (DoS) aanvallen uit te voeren, en de integriteit van systemen te compromitteren. Specifieke kwetsbaarheden omvatten onjuist beheer van HTTP-headers, ongecontroleerde recursie, en onvoldoende bufferbeperkingen, wat kan leiden tot systeemcrashes en gegevensverlies.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE-117
Improper Output Neutralization for Logs
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122
Heap-based Buffer Overflow
CWE-125
Out-of-bounds Read
CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
CWE-209
Generation of Error Message Containing Sensitive Information
CWE-252
Unchecked Return Value
CWE-284
Improper Access Control
CWE-285
Improper Authorization
CWE-289
Authentication Bypass by Alternate Name
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-457
Use of Uninitialized Variable
CWE-476
NULL Pointer Dereference
CWE-611
Improper Restriction of XML External Entity Reference
CWE-674
Uncontrolled Recursion
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-827
Improper Control of Document Type Definition
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-863
Incorrect Authorization
CWE-918
Server-Side Request Forgery (SSRF)
CWE-937
CWE-937
CWE-1035
CWE-1035
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle HTTP Server, Oracle WebLogic Server, en Oracle Fusion Middleware.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens, Denial-of-Service (DoS) aanvallen uit te voeren, en de integriteit van systemen te compromitteren. Specifieke kwetsbaarheden omvatten onjuist beheer van HTTP-headers, ongecontroleerde recursie, en onvoldoende bufferbeperkingen, wat kan leiden tot systeemcrashes en gegevensverlies.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"title": "CWE-113"
},
{
"category": "general",
"text": "Improper Output Neutralization for Logs",
"title": "CWE-117"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware",
"tracking": {
"current_release_date": "2026-01-21T10:08:59.379774Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0027",
"initial_release_date": "2026-01-21T10:08:59.379774Z",
"revision_history": [
{
"date": "2026-01-21T10:08:59.379774Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Data Integrator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Identity Manager Connector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Managed File Transfer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Business Process Management Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Coherence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Global Lifecycle Management NextGen OUI Framework"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle HTTP Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Identity Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Outside In Technology"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle SOA Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Security Service"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Service Bus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Unified Directory"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle WebCenter Enterprise Capture"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle WebLogic Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Weblogic Server Proxy Plug-in"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Service Delivery Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "WebCenter Sites"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45105",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Log4j, Oracle products, and various dependencies expose systems to denial-of-service and remote code execution risks, necessitating updates to secure versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-45105 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-45105.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2021-45105"
},
{
"cve": "CVE-2022-41342",
"notes": [
{
"category": "description",
"text": "Recent vulnerabilities in Oracle products, including the Oracle HTTP Server and Database, allow for potential privilege escalation, remote code execution, and denial of service, with varying CVSS scores indicating significant risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41342 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-41342.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2022-41342"
},
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle JD Edwards, Oracle Middleware, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access and data corruption, with CVSS scores reaching 7.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13009 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-13009.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-42516",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"title": "CWE-113"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server and Oracle HTTP Server, including CVE-2023-38709 and CVE-2024-42516, expose systems to risks such as HTTP response splitting, SSRF, and unauthorized access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-42516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-42516"
},
{
"cve": "CVE-2024-43204",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Apache HTTP Server versions prior to 2.4.64 are vulnerable to multiple security issues, including SSRF and HTTP response splitting, affecting mod_proxy and mod_headers configurations, with critical vulnerabilities also identified in Oracle HTTP Server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-43204 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-43204.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-43204"
},
{
"cve": "CVE-2024-47252",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "other",
"text": "Improper Output Neutralization for Logs",
"title": "CWE-117"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server versions 2.4.63 and earlier, including insufficient escaping in mod_ssl, allow untrusted clients to compromise log integrity and potentially lead to unauthorized access and denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47252 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47252.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-47252"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO allow for denial of service attacks, with CVSS scores ranging from 4.3 to 7.5, affecting various versions of these products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-56406",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Fusion Middleware and Perl, including heap buffer overflows and denial of service risks, affect various versions, with CVSS scores indicating significant severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56406 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-56406.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-56406"
},
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Database Server, Oracle Fusion Middleware, and Eclipse JGit expose systems to unauthorized access, severe impacts, and information disclosure through various attack vectors.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4949 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4949.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-4949"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-12383",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-12383 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-12383.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-12383"
},
{
"cve": "CVE-2025-23048",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server versions 2.4.35 to 2.4.63 and Oracle HTTP Server allow unauthorized access, data modification, and denial of service, particularly through TLS session resumption and other exploit vectors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23048 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-23048.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-23048"
},
{
"cve": "CVE-2025-26333",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "description",
"text": "Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26333 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26333.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-26333"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-41248",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41248 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41248.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-43967",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Oracle Hyperion Financial Reporting (version 11.2.23) has a denial of service vulnerability (CVSS 7.5), while libheif library versions prior to 1.19.6 have a NULL pointer dereference issue in the ImageItem_Grid::get_decoder function.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43967 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43967.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-43967"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle WebLogic Server, Oracle GoldenGate, and Connect2id Nimbus JOSE + JWT allow unauthenticated attackers to exploit denial of service conditions, affecting various versions with CVSS scores of 5.8.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54571",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54571 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54571"
},
{
"cve": "CVE-2025-54874",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54874 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54874.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54874"
},
{
"cve": "CVE-2025-54988",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika versions 1.13 to 3.2.1 have a critical XXE vulnerability, while Oracle PeopleSoft\u0027s OpenSearch component in versions 8.60 to 8.62 is also affected by an easily exploitable vulnerability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54988"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2026-21962",
"notes": [
{
"category": "description",
"text": "A critical vulnerability in Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in allows unauthenticated attackers to compromise systems, affecting specific versions with a CVSS score of 10.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2026-21962"
}
]
}
NCSC-2026-0020
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:18 - Updated: 2026-01-21 09:18Summary
Kwetsbaarheden verholpen in Oracle Commerce
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle WebLogic Server en Oracle Commerce producten
Interpretaties
De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een gedeeltelijke Denial-of-Service te veroorzaken via HTTP. Dit kan leiden tot systeemuitval en verstoring van de dienstverlening. Daarnaast is er een kritieke XML External Entity (XXE) injectie kwetsbaarheid in de Apache Tika framework die de PDF-parsing functionaliteit beïnvloedt, wat kan leiden tot gevoelige informatie openbaarmaking of zelfs remote code execution.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-125
Out-of-bounds Read
CWE-201
Insertion of Sensitive Information Into Sent Data
CWE-284
Improper Access Control
CWE-285
Improper Authorization
CWE-404
Improper Resource Shutdown or Release
CWE-611
Improper Restriction of XML External Entity Reference
CWE-674
Uncontrolled Recursion
CWE-863
Incorrect Authorization
CWE-937
CWE-937
CWE-1035
CWE-1035
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle WebLogic Server en Oracle Commerce producten",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om een gedeeltelijke Denial-of-Service te veroorzaken via HTTP. Dit kan leiden tot systeemuitval en verstoring van de dienstverlening. Daarnaast is er een kritieke XML External Entity (XXE) injectie kwetsbaarheid in de Apache Tika framework die de PDF-parsing functionaliteit be\u00efnvloedt, wat kan leiden tot gevoelige informatie openbaarmaking of zelfs remote code execution.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Commerce",
"tracking": {
"current_release_date": "2026-01-21T09:18:16.268788Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0020",
"initial_release_date": "2026-01-21T09:18:16.268788Z",
"revision_history": [
{
"date": "2026-01-21T09:18:16.268788Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Commerce"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Guided Search"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Commerce Platform"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-50059",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates for various Java platforms, including OpenJDK and IBM, address critical security vulnerabilities related to heap corruption and TLS protections, while also enhancing scripting support and HTTP client handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-50059 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50059.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-50059"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-66516"
}
]
}
RHSA-2025:23143
Vulnerability from csaf_redhat - Published: 2025-12-11 20:15 - Updated: 2026-01-03 11:37Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14.2 for Spring Boot release.
Notes
Topic
Red Hat build of Apache Camel 4.14.2 for Spring Boot patch release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat build of Apache Camel 4.14.2 for Spring Boot patch release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-9784)
* tika-core: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected (CVE-2025-66516)
Uncontrolled Recursion vulnerability in Apache Commons Lang (CVE-2025-48924)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of Apache Camel 4.14.2 for Spring Boot patch release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Apache Camel 4.14.2 for Spring Boot patch release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n \n* undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-9784)\n\n* tika-core: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected (CVE-2025-66516)\n\nUncontrolled Recursion vulnerability in Apache Commons Lang (CVE-2025-48924)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23143",
"url": "https://access.redhat.com/errata/RHSA-2025:23143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "2379554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379554"
},
{
"category": "external",
"summary": "2392306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
},
{
"category": "external",
"summary": "2418870",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418870"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23143.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14.2 for Spring Boot release.",
"tracking": {
"current_release_date": "2026-01-03T11:37:53+00:00",
"generator": {
"date": "2026-01-03T11:37:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:23143",
"initial_release_date": "2025-12-11T20:15:32+00:00",
"revision_history": [
{
"date": "2025-12-11T20:15:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-11T20:15:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-03T11:37:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8",
"product": {
"name": "Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8",
"product_id": "Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.14"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9784",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-01T06:19:20.938000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392306"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9784"
},
{
"category": "external",
"summary": "RHBZ#2392306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784"
},
{
"category": "external",
"summary": "https://github.com/undertow-io/undertow/pull/1778",
"url": "https://github.com/undertow-io/undertow/pull/1778"
},
{
"category": "external",
"summary": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final",
"url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/UNDERTOW-2598",
"url": "https://issues.redhat.com/browse/UNDERTOW-2598"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-09-01T06:21:54.614000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-11T20:15:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23143"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-07-11T15:01:08.754489+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379554"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass(...) method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48924"
},
{
"category": "external",
"summary": "RHBZ#2379554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1",
"url": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1"
}
],
"release_date": "2025-07-11T14:56:58.049000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-11T20:15:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23143"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-12-04T17:01:38.159055+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418870"
}
],
"notes": [
{
"category": "description",
"text": "A XML External Entity (XXE) injection vulnerability was found in the Apache Tika framework\u0027s PDF parsing functionality. It could allow a remote, unauthenticated attacker to exploit the system by providing a specially crafted PDF containing an XFA (XML Forms Architecture) file. This flaw could lead to sensitive information disclosure or, potentially, Remote Code Execution (RCE) on the server. The issue affects multiple Tika modules, including tika-core, tika-pdf-module, and tika-parsers, within the version ranges 1.13 through 3.2.1.\n\nThis CVE expands on the scope of CVE-2025-54988 to clarify that the root cause and required fix reside in the tika-core module, regardless of which parser module is used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Critical because it can be triggered when Apache Tika processes a maliciously crafted XFA file embedded within a PDF. Successful exploitation enables XML External Entity (XXE) injection, allowing an attacker to access sensitive local files and initiate arbitrary requests to internal or external network resources. This can lead to Server-Side Request Forgery (SSRF), data tampering, and potential elevation of privileges. With high impact across confidentiality, integrity, and availability, this vulnerability poses a severe risk to affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66516"
},
{
"category": "external",
"summary": "RHBZ#2418870",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418870"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66516"
},
{
"category": "external",
"summary": "https://cve.org/CVERecord?id=CVE-2025-54988",
"url": "https://cve.org/CVERecord?id=CVE-2025-54988"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k",
"url": "https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k"
}
],
"release_date": "2025-12-04T16:17:24.980000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-11T20:15:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected"
}
]
}
RHSA-2025:23225
Vulnerability from csaf_redhat - Published: 2025-12-15 21:46 - Updated: 2026-01-21 10:27Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.25.0 Release.
Notes
Topic
Red Hat OpenShift Dev Spaces 3.25.0 has been released.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.25 release is based on Eclipse Che 7.111 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.25.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\nThe 3.25 release is based on Eclipse Che 7.111 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\nUsers still using the v1 standard should migrate as soon as possible.\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\nDev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates.\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23225",
"url": "https://access.redhat.com/errata/RHSA-2025:23225"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.25/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.25/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-4067",
"url": "https://access.redhat.com/security/cve/CVE-2024-4067"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55247",
"url": "https://access.redhat.com/security/cve/CVE-2025-55247"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55248",
"url": "https://access.redhat.com/security/cve/CVE-2025-55248"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55315",
"url": "https://access.redhat.com/security/cve/CVE-2025-55315"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55752",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61927",
"url": "https://access.redhat.com/security/cve/CVE-2025-61927"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66516",
"url": "https://access.redhat.com/security/cve/CVE-2025-66516"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23225.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.25.0 Release.",
"tracking": {
"current_release_date": "2026-01-21T10:27:54+00:00",
"generator": {
"date": "2026-01-21T10:27:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2025:23225",
"initial_release_date": "2025-12-15T21:46:21+00:00",
"revision_history": [
{
"date": "2025-12-15T21:46:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-15T21:46:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-21T10:27:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product": {
"name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3.25::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces (RHOSDS)"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765247843"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Ae381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765247198"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Aa1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764892045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765354572"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3Abc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764892891"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765246979"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3A4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764891834"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Aa353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765276570"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Aa4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765325702"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256%3A74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765597809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Af67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765299828"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Af7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765225950"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764892466"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765582207"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765503811"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765406925"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765247843"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Afdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765247198"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Ae6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764892045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Ad17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765354572"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764892891"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765246979"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3Acca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764891834"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765276570"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Ac7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765325702"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Afb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765299828"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Aeec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765225950"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764892466"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Aef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765582207"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Ad50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765503811"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765406925"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765247843"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Ae34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765247198"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Ab2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764892045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765354572"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764892891"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765246979"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3A296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764891834"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765276570"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765325702"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765299828"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765225950"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764892466"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765582207"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765503811"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Ab8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765406925"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765247843"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765247198"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764892045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765354572"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3Acfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764892891"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765246979"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3A84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764891834"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765276570"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765325702"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765299828"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765225950"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Ae9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1764892466"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765582207"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Aa63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765503811"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=3.25.0-1765406925"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.25",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.25"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-4067",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-05-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2280601"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the NPM package `micromatch` where it is vulnerable to a regular expression denial of service (ReDoS). The issue occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will readily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn\u0027t find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won\u0027t start backtracking the regular expression due to greedy matching.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "micromatch: vulnerable to Regular Expression Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4067"
},
{
"category": "external",
"summary": "RHBZ#2280601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4067",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4067"
},
{
"category": "external",
"summary": "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/",
"url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/"
},
{
"category": "external",
"summary": "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448",
"url": "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448"
},
{
"category": "external",
"summary": "https://github.com/micromatch/micromatch/issues/243",
"url": "https://github.com/micromatch/micromatch/issues/243"
},
{
"category": "external",
"summary": "https://github.com/micromatch/micromatch/pull/247",
"url": "https://github.com/micromatch/micromatch/pull/247"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T21:46:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23225"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "micromatch: vulnerable to Regular Expression Denial of Service"
},
{
"cve": "CVE-2025-55247",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2025-10-10T13:25:49.702000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403086"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MSBuild\u2019s temporary directory handling on Linux where predictable, non-randomized temporary paths are used. Local users can create or manipulate those paths before MSBuild runs, causing build failures or unexpected behavior and resulting in denial of service for build operations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: .NET Denial of Service Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this issue as Moderate. Predictable MSBuild temporary directory paths on Linux allow a local user to precreate or manipulate build temp directories, causing build failures (denial of service) on shared build hosts or CI runners using the affected .NET packages.\n\n```\n\n.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core.\n\n```",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55247"
},
{
"category": "external",
"summary": "RHBZ#2403086",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403086"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55247"
}
],
"release_date": "2025-10-15T13:06:53.521000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T21:46:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23225"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dotnet: .NET Denial of Service Vulnerability"
},
{
"cve": "CVE-2025-55248",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2025-10-10T13:00:27.907000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw exists in certain .NET builds where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: .NET Information Disclosure Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed the severity of this vulnerability as High, given that it can be remotely exploited by a man-in-the-middle attacker without authentication or user interaction. Successful exploitation allows an attacker to disable TLS protection between a .NET client and an SMTP server, leading to exposure of credentials and message contents over an unencrypted connection. The vulnerability results from insufficient enforcement of TLS during SMTP session negotiation in the affected .NET runtime.\n\n```\n\n.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core\u201d\n\n```",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55248"
},
{
"category": "external",
"summary": "RHBZ#2403083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55248"
}
],
"release_date": "2025-10-15T12:39:35.343000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T21:46:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23225"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: .NET Information Disclosure Vulnerability"
},
{
"cve": "CVE-2025-55315",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-10-10T13:21:09.125000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ASP.NET Core\u2019s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended forwarding of request data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: .NET Security Feature Bypass Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this issue as Important. An authorized network attacker can exploit inconsistent HTTP request parsing in ASP.NET Core to bypass security controls (HTTP request smuggling), potentially exposing or enabling unauthorized actions on request data in affected .NET runtimes.\n\n```\n\n.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core.\n\n```",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55315"
},
{
"category": "external",
"summary": "RHBZ#2403085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55315",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55315"
}
],
"release_date": "2025-10-15T12:58:31.281000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T21:46:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23225"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: .NET Security Feature Bypass Vulnerability"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T21:46:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23225"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
},
{
"cve": "CVE-2025-61927",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-10-10T20:00:59.402374+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403177"
}
],
"notes": [
{
"category": "description",
"text": "Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE (Remote Code Execution) attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted JavaScript code within the Happy DOM VM Context, it may escape the VM and get access to process level functionality. It seems like what the attacker can get control over depends on if the process is using ESM or CommonJS. With CommonJS the attacker can get hold of the `require()` function to import modules. Happy DOM has JavaScript evaluation enabled by default. This may not be obvious to the consumer of Happy DOM and can potentially put the user at risk if untrusted code is executed within the environment. Version 20.0.0 patches the issue by changing JavaScript evaluation to be disabled by default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "happy-dom: Happy-DOM VM Context Escape",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61927"
},
{
"category": "external",
"summary": "RHBZ#2403177",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403177"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61927"
},
{
"category": "external",
"summary": "https://github.com/capricorn86/happy-dom/commit/819d15ba289495439eda8be360d92a614ce22405",
"url": "https://github.com/capricorn86/happy-dom/commit/819d15ba289495439eda8be360d92a614ce22405"
},
{
"category": "external",
"summary": "https://github.com/capricorn86/happy-dom/security/advisories/GHSA-37j7-fg3j-429f",
"url": "https://github.com/capricorn86/happy-dom/security/advisories/GHSA-37j7-fg3j-429f"
}
],
"release_date": "2025-10-10T19:38:19.835000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T21:46:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23225"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "happy-dom: Happy-DOM VM Context Escape"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-12-04T17:01:38.159055+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418870"
}
],
"notes": [
{
"category": "description",
"text": "A XML External Entity (XXE) injection vulnerability was found in the Apache Tika framework\u0027s PDF parsing functionality. It could allow a remote, unauthenticated attacker to exploit the system by providing a specially crafted PDF containing an XFA (XML Forms Architecture) file. This flaw could lead to sensitive information disclosure or, potentially, Remote Code Execution (RCE) on the server. The issue affects multiple Tika modules, including tika-core, tika-pdf-module, and tika-parsers, within the version ranges 1.13 through 3.2.1.\n\nThis CVE expands on the scope of CVE-2025-54988 to clarify that the root cause and required fix reside in the tika-core module, regardless of which parser module is used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Critical because it can be triggered when Apache Tika processes a maliciously crafted XFA file embedded within a PDF. Successful exploitation enables XML External Entity (XXE) injection, allowing an attacker to access sensitive local files and initiate arbitrary requests to internal or external network resources. This can lead to Server-Side Request Forgery (SSRF), data tampering, and potential elevation of privileges. With high impact across confidentiality, integrity, and availability, this vulnerability poses a severe risk to affected systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66516"
},
{
"category": "external",
"summary": "RHBZ#2418870",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418870"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66516"
},
{
"category": "external",
"summary": "https://cve.org/CVERecord?id=CVE-2025-54988",
"url": "https://cve.org/CVERecord?id=CVE-2025-54988"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k",
"url": "https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k"
}
],
"release_date": "2025-12-04T16:17:24.980000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-15T21:46:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23225"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:46811ca65f64fb6d260e3dca253947c749b6dd31ce3185f36e729ea817f454a4_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:65b5989d68b4489a7d1b915870afc49c0f977b9690ee958be7e8fedcc611087f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:7d38a9fe7e1bf493f235c62ebaabdc1c805b94e731186b9ffa56cf581abc8f77_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-rhel9@sha256:869bac1a7cc51c0a780667abd7b47f9e42f2da22e6d6a57b5a1d7ecdeddcee7c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0a15c7b78d69e8711f81727879c1d4bbd8c2e8547a0b5c84513ea3a42fb5f8f3_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e34005d1fc54aaf8863c5f0bf4bdd30120e65df1a61a6e775f0998e0be152582_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e381c47978265d9db3daf279657a63cfe8f1f5afe0d00d4792b819cbae480338_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:fdbae1704685d51d583b0c2e588ddf3b088b78cc84b239821421042c0943c098_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:969198cbaa319f55733ae4fb378b867f8afb9d1bfe78dfce65b20fd7ac9fb541_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:a1ccad11e91784e0b6ed9eb1745d86c8783f1e869096a7f735f47280df0acc4e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:b2c13795589df33fec7a6c6b5ed37e11db14f134bfcc7ee0350e3df372f5da88_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/configbump-rhel9@sha256:e6f11881adb8f1675e5e3372339e648d99084d7d3f244d0de1eeebc96ed08dfc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:6137931395a4cbfa07e5579172ed579babd14a2d1e054238298eee1aee4e2c07_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:804b00736484cc574e738130b9dc0e553828f54705fed29dbd9bb873bc5d1baa_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:8cf6cd46eef5fea2e500e14b18a8ec545b5bec93e6fb2289a9d760d56e4b52bb_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/dashboard-rhel9@sha256:d17a2f913e7cef538d6537d0ad32e257e2d51c871fc66183ea291024e8e2afae_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:74b83b79cba88af0545e7fb52dd70df2c1b96cf23b8963517fc779fbfe3e9aac_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:46948834924666487d7f47ac11bed7655e936fdb7071ee32d1ae3b1bb1a69aa4_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:690264c2631bd5a2341b37c1d3099a84e9bfb5eb2afab2937c0453a2475d0111_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a4417f71e76b15d9c4f1c4657b2e5f2bb3979d498b362b42d9b207e37bf505d5_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c7871f233d3908f052954b132aa6c7b57c500e41899f02ac023098e2283380c5_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:70d4bfd4a877934fbdded33e39c349b3554bc371492ee2696260916b0119efcf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:859b5a54204008d575e774ca4794c346c0195750b5617ae56dccaf3dfa3d3f1b_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:bc65597fade1fd7de78ab27d9b0ba1bf5317b56949a9277e0af4b32db1aaee48_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:cfa0ae37ba69921586906f410956f9cd7d4a27652a544d3363c7d2dc92603286_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:29fa5d30eafda6658cf2c4a655e82e075b5708ddc1ff1b6d27c082f96c33a95d_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:56bed332699e952d3b4f4672420c379fa32954e77bb24aa3fec51823a0473703_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:8714c6e69cdc81f39c44a4d17dda5a4574e104eafeb6d3deb5f29b879e5f0f99_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:94a3bd9690ce19b7dcab8784e9edaf39a52085d84561659b5ea2e955d375f37e_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:296a441f00d4749301a9aee06a998f29ac64bb9c50d7e090711b33776a845f03_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:4ea445ee2670945ac2be3fe503be6f44d4ff4a953deffe9dc61fb4a8a30ae5a8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:84b61272c472cee00404abd49080bd492dbe63a72ebc9bdcef48dac74b72b455_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/machineexec-rhel9@sha256:cca33584e4afced97c7c3c35af261890279a540df0f2da4d263e8862e2c14c6c_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:31e999abdb05d9dd572f21a91982bc8bfbb2007f1100650715c51d40f6f1f312_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:5b136fff0f0c8ff4d56fdb934eef1dd7d04ebdac13e7cb8c1e020bf370f4df84_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8642741c5122757b5a01ee03e5a514a4d49b4048c6808b14ab5f8b7cece82d11_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/openvsx-rhel9@sha256:a353e11c2f965642a1107d7b764edccd0888009fc991ec066fb40e4632692ac4_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:10821feaf0ba17ef30f0403d29862004615952e289af23794e15d3354bc4f288_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:4cba254ffcbe10a9da41c2b25cdb098824d3adfc207ce02f5c71200bd41c6959_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:f67c1d7d8549587c1032404411b01472f71e775a7bbfd91927060c1b09a631c0_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fb455374d650d93bbc4eca5616d041067cf1bcebc0dd6d0a92d8af16e2656708_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:3a3da41883a104931b483ce6f5ff089a7fe3fa7b409a0b66ec1d8d396903f246_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:5898927ebcb955afdf51695a028b2e3fe4dfb08fb12d3e4daa75d1266562bdf9_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:eec12e74a1bf7348f827b6c49d97f8cf9d27199ce2d35330f92ae3330020785f_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/server-rhel9@sha256:f7dbf103ed9452b48a61505498c8aa1e4f445e9bf40b62769fb16372597982d2_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:3e6de411cafc0aee65b36541803bebc84070ff69bab6f3f4691d65074fe36307_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:44c8d3d034803b0f8307b56cafdfcf8083071e407139e701456acfb2e434b0c8_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:821f997cae0acae9048347c648c4f762a870b6548b8b7d14129315bf85b97276_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9ebbe3422e8100ef6e9c8ca7896ca21227ae4c708f3d3321fa2ca1c8eb9f051_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:53eb58d4a5f32aa71bb7e0d3beedca005b0b68f1fa9f18e07d08e243a803a565_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:63833e84093a729b0624238325e783fbcb1e22a7649dc1b59998bcce6ac450ef_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:a63f6e4ee48aaf257c592844674621110d1380f51d53d5bbf796b3bcafb67b89_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d50d87f4bbcabaa25d7b8a4c09d956d0d8eec926bd1c01fa1a506266e2056162_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:1669477977f4722f931dba2693089f59ab77b5828869ec188e0bbff4966d7605_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5411419f1400a2e1345d430df21d5b6ae9fc00d99a89549d7bf889e82a8f350b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:782034bb77a0657bd9515feff4d7cb31e259dae24ed322e350022fd901fb5187_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-base-rhel9@sha256:b8439f99e641c9f04e10a97f9a593b3909968ebd293381af2885b2b4ca7ac3e0_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:0b5b29e3626d7796c6a7ab73296934fd13717ca217e1bd42dc2ac39b0efdbf8a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:72e67f67750d8cdb639ab2fc274063e622075e00ceda667a89b54c6e0d8de955_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:8a19af8b03b59562335b3a3f77753944c27ecbccaeda3400d0f089a6cd8d11fa_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.25:registry.redhat.io/devspaces/udi-rhel9@sha256:ef84715a61474b7a45b0b24c0d30370f51ab93ff86b70d5d345545253e01c3ae_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected"
}
]
}
GHSA-F58C-GQ56-VJJF
Vulnerability from github – Published: 2025-12-04 18:30 – Updated: 2025-12-05 02:26
VLAI?
Summary
Apache Tika has XXE vulnerability
Details
Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.
This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways.
First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.
Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.
Severity ?
10.0 (Critical)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.2.1"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tika:tika-core"
},
"ranges": [
{
"events": [
{
"introduced": "1.13"
},
{
"fixed": "3.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tika:tika-parsers"
},
"ranges": [
{
"events": [
{
"introduced": "1.13"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.2.1"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tika:tika-parser-pdf-module"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "3.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66516"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-05T02:24:30Z",
"nvd_published_at": "2025-12-04T17:15:57Z",
"severity": "CRITICAL"
},
"details": "Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \n\nThis CVE covers the same vulnerability as in\u00a0CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \n\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to \u003e= 3.2.2 would still be vulnerable. \n\nSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \"org.apache.tika:tika-parsers\" module.",
"id": "GHSA-f58c-gq56-vjjf",
"modified": "2025-12-05T02:26:56Z",
"published": "2025-12-04T18:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66516"
},
{
"type": "WEB",
"url": "https://cve.org/CVERecord?id=CVE-2025-54988"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tika"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Apache Tika has XXE vulnerability"
}
WID-SEC-W-2025-1883
Vulnerability from csaf_certbund - Published: 2025-08-20 22:00 - Updated: 2025-12-04 23:00Summary
Apache Tika: Schwachstelle ermöglicht Infogewinn oder Manipulation
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Apache Tika-Toolkit erkennt und extrahiert Metadaten und Text aus vielen verschiedenen Dateitypen.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tika ausnutzen, um sensible Daten auszulesen oder bösartige Anfragen an interne Ressourcen oder Server von Drittanbietern auszulösen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Apache Tika-Toolkit erkennt und extrahiert Metadaten und Text aus vielen verschiedenen Dateitypen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tika ausnutzen, um sensible Daten auszulesen oder b\u00f6sartige Anfragen an interne Ressourcen oder Server von Drittanbietern auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1883 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1883.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1883 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1883"
},
{
"category": "external",
"summary": "Apache Tika Mailing List vom 2025-08-20",
"url": "https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w"
},
{
"category": "external",
"summary": "Apache Tika Security vom 2025-08-20",
"url": "https://tika.apache.org/security.html"
},
{
"category": "external",
"summary": "Red Hat Bugtracker #2389910 vom 2025-08-20",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389910"
},
{
"category": "external",
"summary": "Elastic Security Announcement ESA-2025-15 vom 2025-08-28",
"url": "https://discuss.elastic.co/t/enterprise-search-8-18-6-8-19-3-security-update-esa-2025-15-cve-2025-54988/381428"
},
{
"category": "external",
"summary": "Elastic Security Announcement ESA-2025-14 vom 2025-08-28",
"url": "https://discuss.elastic.co/t/elasticsearch-8-18-6-8-19-3-9-0-6-and-9-1-3-security-update-esa-2025-14-cve-2025-54988/381427"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-09-19",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124164"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4350 vom 2025-10-26",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00030.html"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2025-12-04",
"url": "https://github.com/advisories/GHSA-f58c-gq56-vjjf"
}
],
"source_lang": "en-US",
"title": "Apache Tika: Schwachstelle erm\u00f6glicht Infogewinn oder Manipulation",
"tracking": {
"current_release_date": "2025-12-04T23:00:00.000+00:00",
"generator": {
"date": "2025-12-05T06:52:13.688+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-1883",
"initial_release_date": "2025-08-20T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-20T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-21T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-25435"
},
{
"date": "2025-08-28T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Elastic aufgenommen"
},
{
"date": "2025-09-21T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2025-10-26T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-12-04T23:00:00.000+00:00",
"number": "6",
"summary": "CVE und Produkte erg\u00e4nzt,"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.2.2",
"product": {
"name": "Apache Tika \u003c3.2.2",
"product_id": "T046404"
}
},
{
"category": "product_version",
"name": "3.2.2",
"product": {
"name": "Apache Tika 3.2.2",
"product_id": "T046404-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tika:3.2.2"
}
}
},
{
"category": "product_version_range",
"name": "tika-parser-pdf-module \u003c3.2.2",
"product": {
"name": "Apache Tika tika-parser-pdf-module \u003c3.2.2",
"product_id": "T049108"
}
},
{
"category": "product_version",
"name": "tika-parser-pdf-module 3.2.2",
"product": {
"name": "Apache Tika tika-parser-pdf-module 3.2.2",
"product_id": "T049108-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tika:tika-parser-pdf-module__3.2.2"
}
}
},
{
"category": "product_version_range",
"name": "tika-parsers \u003c2.0.0",
"product": {
"name": "Apache Tika tika-parsers \u003c2.0.0",
"product_id": "T049109"
}
},
{
"category": "product_version",
"name": "tika-parsers 2.0.0",
"product": {
"name": "Apache Tika tika-parsers 2.0.0",
"product_id": "T049109-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tika:tika-parsers___2.0.0"
}
}
}
],
"category": "product_name",
"name": "Tika"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "14",
"product": {
"name": "HCL Domino 14",
"product_id": "T033028",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:domino:14"
}
}
},
{
"category": "product_version",
"name": "12",
"product": {
"name": "HCL Domino 12",
"product_id": "T038610",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:domino:12"
}
}
},
{
"category": "product_version",
"name": "14.5",
"product": {
"name": "HCL Domino 14.5",
"product_id": "T045951",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:domino:14.5"
}
}
}
],
"category": "product_name",
"name": "Domino"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.18.6",
"product": {
"name": "Open Source Elasticsearch \u003c8.18.6",
"product_id": "T046588"
}
},
{
"category": "product_version",
"name": "8.18.6",
"product": {
"name": "Open Source Elasticsearch 8.18.6",
"product_id": "T046588-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:elasticsearch:elasticsearch:8.18.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.3",
"product": {
"name": "Open Source Elasticsearch \u003c8.19.3",
"product_id": "T046589"
}
},
{
"category": "product_version",
"name": "8.19.3",
"product": {
"name": "Open Source Elasticsearch 8.19.3",
"product_id": "T046589-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:elasticsearch:elasticsearch:8.19.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.6",
"product": {
"name": "Open Source Elasticsearch \u003c9.0.6",
"product_id": "T046596"
}
},
{
"category": "product_version",
"name": "9.0.6",
"product": {
"name": "Open Source Elasticsearch 9.0.6",
"product_id": "T046596-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:elasticsearch:elasticsearch:9.0.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.3",
"product": {
"name": "Open Source Elasticsearch \u003c9.1.3",
"product_id": "T046597"
}
},
{
"category": "product_version",
"name": "9.1.3",
"product": {
"name": "Open Source Elasticsearch 9.1.3",
"product_id": "T046597-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:elasticsearch:elasticsearch:9.1.3"
}
}
}
],
"category": "product_name",
"name": "Elasticsearch"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54988",
"product_status": {
"known_affected": [
"T033028",
"T046404",
"T045951",
"T046589",
"T049109",
"T049108",
"2951",
"T038610",
"T046588",
"T046596",
"T046597"
]
},
"release_date": "2025-08-20T22:00:00.000+00:00",
"title": "CVE-2025-54988"
},
{
"cve": "CVE-2025-66516",
"product_status": {
"known_affected": [
"T033028",
"T046404",
"T045951",
"T046589",
"T049109",
"T049108",
"2951",
"T038610",
"T046588",
"T046596",
"T046597"
]
},
"release_date": "2025-08-20T22:00:00.000+00:00",
"title": "CVE-2025-66516"
}
]
}
FKIE_CVE-2025-66516
Vulnerability from fkie_nvd - Published: 2025-12-04 17:15 - Updated: 2025-12-30 16:15
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.
This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways.
First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.
Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://cve.org/CVERecord?id=CVE-2025-54988 | Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06E31452-81F9-4B50-A6E1-EE8FE3E148BD",
"versionEndExcluding": "3.2.2",
"versionStartIncluding": "1.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \n\nThis CVE covers the same vulnerability as in\u00a0CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \n\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to \u003e= 3.2.2 would still be vulnerable. \n\nSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \"org.apache.tika:tika-parsers\" module."
}
],
"id": "CVE-2025-66516",
"lastModified": "2025-12-30T16:15:46.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "security@apache.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-12-04T17:15:57.120",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.org/CVERecord?id=CVE-2025-54988"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…