rhsa-2025:9028
Vulnerability from csaf_redhat
Published
2025-06-12 15:31
Modified
2025-07-23 21:11
Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Notes
Topic
A Subscription Management tool for finding and reporting Red Hat product usage
Details
Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9028",
"url": "https://access.redhat.com/errata/RHSA-2025:9028"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4802",
"url": "https://access.redhat.com/security/cve/CVE-2025-4802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9028.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2025-07-23T21:11:47+00:00",
"generator": {
"date": "2025-07-23T21:11:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.4"
}
},
"id": "RHSA-2025:9028",
"initial_release_date": "2025-06-12T15:31:37+00:00",
"revision_history": [
{
"date": "2025-06-12T15:31:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-12T15:31:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-07-23T21:11:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 1.14",
"product": {
"name": "Red Hat Discovery 1.14",
"product_id": "Red Hat Discovery 1.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:1.14::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:dcd0d1f2506998720ba82cbb4090151f4c7dfc209e9f938bd3a5898b28e5be34_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:dcd0d1f2506998720ba82cbb4090151f4c7dfc209e9f938bd3a5898b28e5be34_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:dcd0d1f2506998720ba82cbb4090151f4c7dfc209e9f938bd3a5898b28e5be34_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Adcd0d1f2506998720ba82cbb4090151f4c7dfc209e9f938bd3a5898b28e5be34?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1.14.5-1749654812"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:965b6d045793756053e646090f2b378d94d01c043f5e949d064d8c16f3062dd9_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:965b6d045793756053e646090f2b378d94d01c043f5e949d064d8c16f3062dd9_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:965b6d045793756053e646090f2b378d94d01c043f5e949d064d8c16f3062dd9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A965b6d045793756053e646090f2b378d94d01c043f5e949d064d8c16f3062dd9?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1.14.5-1749654812"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:965b6d045793756053e646090f2b378d94d01c043f5e949d064d8c16f3062dd9_arm64 as a component of Red Hat Discovery 1.14",
"product_id": "Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:965b6d045793756053e646090f2b378d94d01c043f5e949d064d8c16f3062dd9_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:965b6d045793756053e646090f2b378d94d01c043f5e949d064d8c16f3062dd9_arm64",
"relates_to_product_reference": "Red Hat Discovery 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:dcd0d1f2506998720ba82cbb4090151f4c7dfc209e9f938bd3a5898b28e5be34_amd64 as a component of Red Hat Discovery 1.14",
"product_id": "Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:dcd0d1f2506998720ba82cbb4090151f4c7dfc209e9f938bd3a5898b28e5be34_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:dcd0d1f2506998720ba82cbb4090151f4c7dfc209e9f938bd3a5898b28e5be34_amd64",
"relates_to_product_reference": "Red Hat Discovery 1.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4802",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2025-05-20T12:53:17.126000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367468"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue can only be exploitable by a local attacker via a static setuid program that calls the dlopen function, causing the library to search LD_LIBRARY_PATH to locate the shared object name to load. No such programs have been found in Red Hat Enterprise Linux at the time of publishing this advisory. However, custom setuid programs, although strongly discouraged as a security practice, may exist and can not be discarded. Due to these reasons, this flaw has been rated with a moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-426: Untrusted Search Path) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces least functionality by enabling only essential features, services, and ports, thereby reducing the system\u2019s attack surface. Static code analysis, peer reviews, and robust input validation and error handling detect unsafe input that could affect execution timing or path resolution. Real-time threat detection, including IPS/IDS, antimalware, and continuous system monitoring, enables rapid identification of exploitation attempts. Process isolation and Kubernetes orchestration reduce the likelihood of concurrent execution conflicts and contain any impact to isolated workloads. Executable search paths are restricted to trusted, explicitly defined directories, mitigating the risk of executing malicious files. These controls effectively lower the likelihood and impact of race conditions and untrusted path exploitation in the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:965b6d045793756053e646090f2b378d94d01c043f5e949d064d8c16f3062dd9_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:dcd0d1f2506998720ba82cbb4090151f4c7dfc209e9f938bd3a5898b28e5be34_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4802"
},
{
"category": "external",
"summary": "RHBZ#2367468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4802"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/16/7",
"url": "https://www.openwall.com/lists/oss-security/2025/05/16/7"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/17/2",
"url": "https://www.openwall.com/lists/oss-security/2025/05/17/2"
}
],
"release_date": "2025-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-12T15:31:37+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:965b6d045793756053e646090f2b378d94d01c043f5e949d064d8c16f3062dd9_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:dcd0d1f2506998720ba82cbb4090151f4c7dfc209e9f938bd3a5898b28e5be34_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9028"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:965b6d045793756053e646090f2b378d94d01c043f5e949d064d8c16f3062dd9_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:dcd0d1f2506998720ba82cbb4090151f4c7dfc209e9f938bd3a5898b28e5be34_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:965b6d045793756053e646090f2b378d94d01c043f5e949d064d8c16f3062dd9_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:dcd0d1f2506998720ba82cbb4090151f4c7dfc209e9f938bd3a5898b28e5be34_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…