SB2025080775 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.12
Published: August 7, 2025 Updated: September 17, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2025-22868)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the jws package does not properly control consumption of internal resources when handling malformed tokens. A remote attacker can pass a malformed JWT token to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.
2) Protection mechanism failure (CVE-ID: CVE-2025-32462)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient implementation of security measures when running sudo with -h (--host) option. If the current configuration provides access to users based on the host they are allowed to execute commands, a local user can bypass such a restriction by providing the hostname via the "-h" option they are allowed to execute commands. The vulnerability affects systems that use a common sudoers file that is distributed to multiple machines or when LDAP-based sudoers (including SSSD) is used.
3) Buffer overflow (CVE-ID: CVE-2022-49058)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the parse_mf_symlink() function in fs/cifs/link.c. A local user can escalate privileges on the system.
4) Out-of-bounds read (CVE-ID: CVE-2022-49395)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the write_ldt_entry() function in arch/x86/um/ldt.c. A local user can perform a denial of service (DoS) attack.
5) Path traversal (CVE-ID: CVE-2024-12718)
The vulnerability allows a remote attacker to modify arbitrary files on the system.
The vulnerability exists due to input validation error in the tarfile module. A remote attacker can pass a specially crafted archive to the application and modify some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory.
6) Integer overflow (CVE-ID: CVE-2024-23337)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in src/jv.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.
7) Link following (CVE-ID: CVE-2025-4138)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an insecure link following issue when extracting data from an archive in the tarfile module. A remote attacker can pass a specially crafted archive to the application and overwrite arbitrary files outside the destination directory during extraction with filter="data"..
8) Link following (CVE-ID: CVE-2025-4330)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an insecure link following issue when extracting data from an archive in the tarfile module. A remote attacker can pass a specially crafted archive to the application and overwrite arbitrary files outside the destination directory.
9) Expected behavior violation (CVE-ID: CVE-2025-4435)
The vulnerability allows a remote attacker to change expected behavior.
The vulnerability exists due to an error when using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior. A remote attacker can force the application to extract files that were meant to be skipped.
10) Path traversal (CVE-ID: CVE-2025-4517)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error in the tarfile module when extracting files from an archive with filter="data". A remote attacker can pass specially crafted archive to the application and write files to arbitrary locations on the system outside the extraction directory.
11) Improper access control (CVE-ID: CVE-2025-6020)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions within the pam_namespace module when handling user-controlled paths. A local user can use specially crafted symlinks and race conditions to execute arbitrary code as root.
12) Use-after-free (CVE-ID: CVE-2025-22004)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lec_send() function in net/atm/lec.c. A local user can escalate privileges on the system.
13) Path traversal (CVE-ID: CVE-2025-47273)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error when processing directory traversal sequences in package_index.py. A remote attacker can trick the victim into installing a specially crafted script and overwrite arbitrary files on the system, leading to code execution.
14) Heap-based buffer overflow (CVE-ID: CVE-2025-48060)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the jv_string_vfmt() function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
15) CRLF injection (CVE-ID: CVE-2025-48384)
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to insufficient validation of attacker-supplied data when reading config values. A remote user can pass specially crafted config lines to the application containing CR-LF characters and execute arbitrary code on the system after checkout.
Remediation
Install update from vendor's website.