All the vulnerabilities related to Red Hat - Red Hat Connectivity Link 1
cve-2024-12401
Vulnerability from cvelistv5
Published
2024-12-12 09:06
Modified
2025-05-23 00:40
Summary
Cert-manager: potential dos when parsing specially crafted pem inputs
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12401", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-12T15:21:20.829376Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-12T15:44:58.794Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/cert-manager/cert-manager", "defaultStatus": "unaffected", "packageName": "cert-manager", "versions": [ { "lessThanOrEqual": "1.12.14", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "1.15.4", "status": "affected", "version": "1.13.0-alpha.0", "versionType": "semver" }, { "lessThanOrEqual": "1.16.2", "status": "affected", "version": "1.16.0-alpha.0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:cert_manager:1" ], "defaultStatus": "affected", "packageName": "cert-manager/cert-manager-operator-bundle", "product": "cert-manager Operator for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:cert_manager:1" ], "defaultStatus": "affected", "packageName": "cert-manager/cert-manager-operator-rhel9", "product": "cert-manager Operator for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:cert_manager:1" ], "defaultStatus": "affected", "packageName": "cert-manager/jetstack-cert-manager-acmesolver-rhel9", "product": "cert-manager Operator for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:cert_manager:1" 
], "defaultStatus": "affected", "packageName": "cert-manager/jetstack-cert-manager-rhel9", "product": "cert-manager Operator for Red Hat OpenShift", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:cryostat:3" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-rhel8-operator", "product": "Cryostat 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "affected", "packageName": "multicluster-engine/assisted-service-8-rhel8", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "affected", "packageName": "multicluster-engine/assisted-service-9-rhel9", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-activator-rhel8", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-autoscaler-hpa-rhel8", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-autoscaler-rhel8", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], 
"defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-controller-rhel8", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-queue-rhel8", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-storage-version-migration-rhel8", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-webhook-rhel8", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:connectivity_link:1" ], "defaultStatus": "affected", "packageName": "rhcl-operator-bundle-container", "product": "Red Hat Connectivity Link 1", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:connectivity_link:1" ], "defaultStatus": "affected", "packageName": "rhcl-operator-container", "product": "Red Hat Connectivity Link 1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "openshift4/ose-agent-installer-api-server-rhel9", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": 
"openshift4/ose-contour-rhel8", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4" ], "defaultStatus": "affected", "packageName": "odf4/rook-ceph-rhel8-operator", "product": "Red Hat Openshift Data Foundation 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_gitops:1" ], "defaultStatus": "affected", "packageName": "openshift-gitops-1/gitops-rhel8-operator", "product": "Red Hat OpenShift GitOps", "vendor": "Red Hat" } ], "datePublic": "2024-11-21T19:52:52.000Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster." 
} ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-23T00:40:36.288Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-12401" }, { "name": "RHBZ#2327929", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327929" }, { "url": "https://github.com/cert-manager/cert-manager/pull/7400" }, { "url": "https://github.com/cert-manager/cert-manager/pull/7401" }, { "url": "https://github.com/cert-manager/cert-manager/pull/7402" }, { "url": "https://github.com/cert-manager/cert-manager/pull/7403" }, { "url": "https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4" }, { "url": "https://go.dev/issue/50116" } ], "timeline": [ { "lang": "en", "time": "2024-11-21T23:00:43.367021+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-11-21T19:52:52+00:00", "value": "Made public." 
} ], "title": "Cert-manager: potential dos when parsing specially crafted pem inputs", "x_redhatCweChain": "CWE-20: Improper Input Validation" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-12401", "datePublished": "2024-12-12T09:06:03.612Z", "dateReserved": "2024-12-10T13:30:10.806Z", "dateUpdated": "2025-05-23T00:40:36.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-25207
Vulnerability from cvelistv5
Published
2025-06-09 06:12
Modified
2025-06-09 18:11
Summary
Rhcl: authpolicy callbacks result in denial of service in authorino severity
References
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-25207 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2347421 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product |
|---|---|
| Red Hat | Red Hat Connectivity Link 1 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-25207", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-09T18:09:27.183095Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-09T18:11:15.868Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link", "defaultStatus": "unknown", "packageName": "rhcl-operator-container", "versions": [ { "status": "affected", "version": "1.0.1", "versionType": "semver" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:connectivity_link:1" ], "defaultStatus": "affected", "packageName": "rhcl-operator-container", "product": "Red Hat Connectivity Link 1", "vendor": "Red Hat" } ], "datePublic": "2025-02-24T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leads to a Denial of Service in Authorino while processing the post-authorization callbacks." 
} ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-09T06:12:51.416Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2025-25207" }, { "name": "RHBZ#2347421", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347421" } ], "timeline": [ { "lang": "en", "time": "2025-02-24T22:53:00.778000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2025-02-24T00:00:00+00:00", "value": "Made public." } ], "title": "Rhcl: authpolicy callbacks result in denial of service in authorino severity", "x_redhatCweChain": "CWE-703-\u003eCWE-400: Improper Check or Handling of Exceptional Conditions leads to Uncontrolled Resource Consumption" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2025-25207", "datePublished": "2025-06-09T06:12:51.416Z", "dateReserved": "2025-02-03T20:02:01.750Z", "dateUpdated": "2025-06-09T18:11:15.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-25209
Vulnerability from cvelistv5
Published
2025-06-09 06:13
Modified
2025-06-09 13:23
Summary
Rhcl: sharedsecretref can be used to leak secrets severity
References
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-25209 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2347438 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product |
|---|---|
| Red Hat | Red Hat Connectivity Link 1 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-25209", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-09T13:23:18.884257Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-09T13:23:23.962Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link", "defaultStatus": "unknown", "packageName": "rhcl-operator-container", "versions": [ { "status": "affected", "version": "1.0.1", "versionType": "semver" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:connectivity_link:1" ], "defaultStatus": "affected", "packageName": "rhcl-operator-container", "product": "Red Hat Connectivity Link 1", "vendor": "Red Hat" } ], "datePublic": "2025-02-24T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secrets, however it assumes those secrets are already in the kuadrant-system instead of copying them to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long as the attacker knows the name of the targeted secrets and those secrets are limited to one line only." 
} ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-09T06:13:56.342Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2025-25209" }, { "name": "RHBZ#2347438", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347438" } ], "timeline": [ { "lang": "en", "time": "2025-02-24T23:40:29.388000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2025-02-24T00:00:00+00:00", "value": "Made public." } ], "title": "Rhcl: sharedsecretref can be used to leak secrets severity", "workarounds": [ { "lang": "en", "value": "There\u0027s no known mitigation for this issue." } ], "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2025-25209", "datePublished": "2025-06-09T06:13:56.342Z", "dateReserved": "2025-02-03T20:02:01.750Z", "dateUpdated": "2025-06-09T13:23:23.962Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-25208
Vulnerability from cvelistv5
Published
2025-06-09 06:13
Modified
2025-06-09 18:08
Summary
Rhcl: authorino denial of service through authpolicy with sharedsecretref severity
References
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-25208 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2347436 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product |
|---|---|
| Red Hat | Red Hat Connectivity Link 1 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-25208", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-09T18:08:24.170293Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-09T18:08:33.921Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link", "defaultStatus": "unknown", "packageName": "rhcl-operator-container", "versions": [ { "status": "affected", "version": "1.0.1", "versionType": "semver" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:connectivity_link:1" ], "defaultStatus": "affected", "packageName": "rhcl-operator-container", "product": "Red Hat Connectivity Link 1", "vendor": "Red Hat" } ], "datePublic": "2025-02-24T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster" } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": 
"2025-06-09T06:13:03.864Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2025-25208" }, { "name": "RHBZ#2347436", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347436" } ], "timeline": [ { "lang": "en", "time": "2025-02-24T23:33:58.746000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2025-02-24T00:00:00+00:00", "value": "Made public." } ], "title": "Rhcl: authorino denial of service through authpolicy with sharedsecretref severity", "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2025-25208", "datePublished": "2025-06-09T06:13:03.864Z", "dateReserved": "2025-02-03T20:02:01.750Z", "dateUpdated": "2025-06-09T18:08:33.921Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }