SB2025102922 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.18

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025102922

SB2025102922 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.18

Published: October 29, 2025

Security Bulletin ID SB2025102922
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Medium 67% Low 17%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Double free (CVE-ID: CVE-2025-5914)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the archive_read_format_rar_seek_data() function. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Acceptance of Extraneous Untrusted Data With Trusted Data (CVE-ID: CVE-2025-5994)

The vulnerability allows a remote attacker to perform cache poisoning attacks.

The vulnerability exists due to a logic error in the EDNS Client Subnet (ECS) implementation. A remote attacker can perform cache poisoning attacks against Unbound servers with ECS support, a.k.a. Rebirthday Attack.

Successful exploitation of the vulnerability requires that the server is compiled with '--enable-subnet' and configured to send ECS information to upstream name servers with at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options.


3) Buffer overflow (CVE-ID: CVE-2025-6965)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing aggregated terms. A remote attacker can pass specially crafted input to the application where the number of aggregate terms exceeds the number of columns available, trigger memory corruption and perform a denial of service (DoS) attack.


4) Link following (CVE-ID: CVE-2025-9566)

The vulnerability allows a malicious container to perform a denial of service (DoS) attack.

The vulnerability exists due to an insecure link following issue in podman kube play command. A malicious container can overwrite host files when the kube file contains a ConfigMap or Secret volume mount and the volume already contains a symlink to a host file.

Note, a malicious container can write to arbitrary files on the host BUT the attacker only controls the target path not the contents that will be written to the file.


5) Use-after-free (CVE-ID: CVE-2025-49794)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the xmlSchematronGetNode() function when processing XPath expressions in Schematron schema elements schematron.c. A remote attacker can pass specially crafted XML input to the application and perform a denial of service (DoS) attack.


6) Type Confusion (CVE-ID: CVE-2025-49796)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error within the xmlSchematronFormatReport() function when processing sch:name elements in schematron.c. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and crash the application. 


Remediation

Install update from vendor's website.

References