SB2025080543 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.19
Published: August 5, 2025 Updated: September 17, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 13 secuirty vulnerabilities.
1) Link following (CVE-ID: CVE-2024-45339)
The vulnerability allows a local user to overwrite arbitrary files on the system.
The vulnerability exists due to insecure link following when writing log files. A local user can point a symbolic link to a critical file on the system and overwrite it with the log data.
2) Integer overflow (CVE-ID: CVE-2025-6021)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the xmlBuildQName() function in tree.c . A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Improper Encoding or Escaping of Output (CVE-ID: CVE-2024-50349)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect handling of control sequences in account names when asking for credentials. A remote attacker can trick the victim into clicking on a specially crafted URL and trick users into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control.
4) Improper Encoding or Escaping of Output (CVE-ID: CVE-2024-52006)
The vulnerability allows a remote attacker to exfiltrate data.
The vulnerability exists due to newline confusion in credential helpers when interpreting single Carriage Return characters. A remote attacker can gain access to sensitive information.
5) Off-by-one (CVE-ID: CVE-2024-52533)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error in gio/gsocks4aproxy.c when handling responses from SOCKS4 proxy. A remote attacker can trick the victim into connecting to a malicious SOCKS4 proxy server, trigger an off-by-one error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Integer overflow (CVE-ID: CVE-2025-4373)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the g_string_insert_unichar() function in glib/gstring.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Protection Mechanism Failure (CVE-ID: CVE-2025-27613)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists in Gitk when cloning an untrusted repository and executing Gitk without additional command arguments. A remote attacker can abuse such behavior and overwrite or truncate any files on the system.
Successful exploitation of the vulnerability requires that the "Support per-file encoding" option is enabled.
8) Input validation error (CVE-ID: CVE-2025-27614)
The vulnerability allows a remote attacker to compromise the affected system.
A Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking `gitk filename`, where `filename` has a particular structure.
9) Race condition (CVE-ID: CVE-2025-40909)
The vulnerability allows a local user to tamper with application's behavior.
The vulnerability exists due to a race condition if a directory handle is open at thread creation. A local user can exploit the race and force the application to load code or access files from unexpected location.
10) Product UI does not warn user of unsafe actions (CVE-ID: CVE-2025-46835)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to missing notifications in Git GUI when performing potentially dangerous actions. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite any writable file.
11) Integer overflow (CVE-ID: CVE-2025-47268)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow within the ping command when handling ICMP Echo Reply packets. A remote attacker can trick the victim to ping a malicious server, trigger an integer overflow and crash the application.
12) CRLF injection (CVE-ID: CVE-2025-48384)
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to insufficient validation of attacker-supplied data when reading config values. A remote user can pass specially crafted config lines to the application containing CR-LF characters and execute arbitrary code on the system after checkout.
13) Input validation error (CVE-ID: CVE-2025-48385)
The vulnerability allows a remote attacker to compromise the affected client.
The vulnerability exists due to insufficient validation of bundle-uri parameter when cloning a repository. A remote attacker can trick the victim into cloning a specially crafted repository, perform a protocol injection attack and write code to arbitrary locations on the system, leading to remote code execution.
Remediation
Install update from vendor's website.