RHSA-2025:18028 | High | CVSS 7.5
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.7 for Spring Boot release.
🔗 CVE IDs covered (5)
📋 Description
- CVE-2025-4949 — org.eclipse.jgit: XXE vulnerability in Eclipse JGit
- CVE-2025-41248 — org.springframework.security/spring-security-core: Spring Security authorization bypass
- CVE-2025-41249 — org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability
- CVE-2025-58056 — netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
- CVE-2025-59952 — io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution
🔗 References (8)
- self: https://access.redhat.com/errata/RHSA-2025:18028
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2367730
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2392996
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2395723
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2395725
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2400380
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_18028.json