RHSA-2025:23528HighCVSS 7.7

Red Hat Security Advisory: multicluster engine for Kubernetes 2.6 security update

Published
December 17, 2025
Last Modified
July 3, 2026

🔗 CVE IDs covered (6)

📋 Description

CVE-2022-21698 — prometheus/client_golang: Denial of service using InstrumentHandlerCounter CVE-2023-44487 — HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) CVE-2025-7195 — operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd CVE-2025-7783 — form-data: Unsafe random function in form-data CVE-2025-9287 — cipher-base: Cipher-base hash manipulation CVE-2025-9288 — sha.js: Missing type checks leading to hash rewind and passing on crafted data

🔗 References (9)