rhsa-2025:13267
Vulnerability from csaf_redhat
Published
2025-08-06 15:26
Modified
2025-08-19 21:04
Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Notes
Topic
A Subscription Management tool for finding and reporting Red Hat product usage
Details
Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13267",
"url": "https://access.redhat.com/errata/RHSA-2025:13267"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12718",
"url": "https://access.redhat.com/security/cve/CVE-2024-12718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-40909",
"url": "https://access.redhat.com/security/cve/CVE-2025-40909"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4138",
"url": "https://access.redhat.com/security/cve/CVE-2025-4138"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4330",
"url": "https://access.redhat.com/security/cve/CVE-2025-4330"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4435",
"url": "https://access.redhat.com/security/cve/CVE-2025-4435"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4517",
"url": "https://access.redhat.com/security/cve/CVE-2025-4517"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-49796",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6021",
"url": "https://access.redhat.com/security/cve/CVE-2025-6021"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6965",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7425",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13267.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2025-08-19T21:04:33+00:00",
"generator": {
"date": "2025-08-19T21:04:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:13267",
"initial_release_date": "2025-08-06T15:26:03+00:00",
"revision_history": [
{
"date": "2025-08-06T15:26:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-06T15:26:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-19T21:04:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Aad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.0.1-1754478727"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.0.1-1754485705"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Ac517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.0.1-1754478727"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.0.1-1754485705"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12718",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-03T14:00:57.613538+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370013"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CPython\u0027s tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12718"
},
{
"category": "external",
"summary": "RHBZ#2370013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/127987",
"url": "https://github.com/python/cpython/issues/127987"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:59:10.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T15:26:03+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13267"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory"
},
{
"cve": "CVE-2025-4138",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T09:03:58.434950+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372426"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4138"
},
{
"category": "external",
"summary": "RHBZ#2372426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:59:02.717000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T15:26:03+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13267"
},
{
"category": "workaround",
"details": "Red Hat recommends upgrading to a fixed release of Python as soon as one is available. This vulnerability can be mitigated by rejecting links inside tarfiles that use relative references to the parent directory. The upstream advisory provides this example code:\n\n\u0027\u0027\u0027\n# Avoid insecure segments in link names.\nfor member in tar.getmembers():\n if not member.islnk():\n continue\n if os.pardir in os.path.split(member.linkname):\n raise OSError(\"Tarfile with insecure segment (\u0027..\u0027) in linkname\")\n\n# Now safe to extract members with the data filter.\ntar.extractall(filter=\"data\")\n\u0027\u0027\u0027",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory"
},
{
"cve": "CVE-2025-4330",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-03T14:01:00.653313+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370014"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CPython\u0027s tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Extraction filter bypass for linking outside extraction directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of this access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation enforces strict path constraints, rejecting directory traversal attempts or unauthorized file access. Runtime environments restrict code execution to predefined privilege levels, preventing escalation from traversal exploits. Configuration settings limit accessible directories and enforce execution boundaries to reduce the influence of user input on file system behavior. Application components are developed and validated against secure coding standards that explicitly prevent path manipulation, further minimizing exploitation risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4330"
},
{
"category": "external",
"summary": "RHBZ#2370014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370014"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4330",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4330"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:58:57.452000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T15:26:03+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13267"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: python: Extraction filter bypass for linking outside extraction directory"
},
{
"cve": "CVE-2025-4435",
"cwe": {
"id": "CWE-706",
"name": "Use of Incorrectly-Resolved Name or Reference"
},
"discovery_date": "2025-06-03T14:00:46.485917+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370010"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CPython\u0027s tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Tarfile extracts filtered members when errorlevel=0",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-706: Use of Incorrectly-Resolved Name or Reference and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess enforcement and least privilege limit resolution of internal objects and services to explicitly authorized users and processes, reducing the risk of unintended interactions.. Configuration settings are tightly managed to ensure consistent and accurate resolution of names, paths, and references across deployments. Least functionality reduces exposure by disabling unused features and restricting access to unnecessary components. Additionally, real-time monitoring detects anomalous behavior or access attempts involving misconfigured or invalid references, enabling timely response and containment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4435"
},
{
"category": "external",
"summary": "RHBZ#2370010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370010"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4435",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4435"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:59:06.792000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T15:26:03+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13267"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Tarfile extracts filtered members when errorlevel=0"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-03T14:01:12.271192+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Arbitrary writes via tarfile realpath overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4517"
},
{
"category": "external",
"summary": "RHBZ#2370016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:58:50.352000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T15:26:03+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13267"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Arbitrary writes via tarfile realpath overflow"
},
{
"acknowledgments": [
{
"names": [
"Ahmed Lekssays"
]
}
],
"cve": "CVE-2025-6021",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-12T07:55:45.428000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372406"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2\u0027s xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate due to the lack of confidentiality impact and limited integrity concerns, with the main risk being potential denial-of-service from a crash. Exploitation requires crafted XML input and specific application behavior using xmlBuildQName. While it\u2019s a write overflow, modern mitigations make remote code execution unlikely.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6021"
},
{
"category": "external",
"summary": "RHBZ#2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021"
}
],
"release_date": "2025-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T15:26:03+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13267"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are strongly advised to apply vendor-supplied patches as soon as they become available to address the underlying integer overflow flaw in the affected code.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T15:26:03+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13267"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T15:26:03+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13267"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-40909",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2025-05-30T13:00:49.546076+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: Perl threads have a working directory race condition where file operations may target unintended paths",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) or CWE-426: Untrusted Search Path vulnerability, and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces least functionality by enabling only essential features, services, and ports to reduce the system\u2019s attack surface. Static code analysis, peer reviews, and robust input validation and error handling detect unsafe input that could affect execution timing or path resolution. Real-time threat detection, including IPS/IDS, antimalware, and continuous system monitoring, enables rapid identification of exploitation attempts. Process isolation reduces the likelihood of concurrent execution conflicts and contains any impact to isolated workloads. Executable search paths are restricted to trusted, explicitly defined directories, mitigating the risk of executing malicious files. These controls effectively lower the likelihood and impact of race conditions and untrusted path exploitation in the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40909"
},
{
"category": "external",
"summary": "RHBZ#2369407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40909",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40909"
},
{
"category": "external",
"summary": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226"
},
{
"category": "external",
"summary": "https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e",
"url": "https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e"
},
{
"category": "external",
"summary": "https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch",
"url": "https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch"
},
{
"category": "external",
"summary": "https://github.com/Perl/perl5/issues/10387",
"url": "https://github.com/Perl/perl5/issues/10387"
},
{
"category": "external",
"summary": "https://github.com/Perl/perl5/issues/23010",
"url": "https://github.com/Perl/perl5/issues/23010"
},
{
"category": "external",
"summary": "https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads",
"url": "https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/22/2",
"url": "https://www.openwall.com/lists/oss-security/2025/05/22/2"
}
],
"release_date": "2025-05-30T12:20:11.237000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T15:26:03+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13267"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "perl: Perl threads have a working directory race condition where file operations may target unintended paths"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-12T00:35:26.470000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372385"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Type confusion leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "RHBZ#2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
}
],
"release_date": "2025-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-06T15:26:03+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13267"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:18fa5a5b82d77afe7a92e0115daf8c23df0f817d5917747d35212dc7e4c66413_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2020475c1f39087c770ff031c3a4c0b384aa680b1b9a8278ad80d127420ffffc_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Type confusion leads to Denial of service (DoS)"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…