RHSA-2025:23529HighCVSS 7.7
Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes 2.11.9 security update
🔗 CVE IDs covered (5)
📋 Description
CVE-2023-44487 — HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) CVE-2025-7195 — operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd CVE-2025-7783 — form-data: Unsafe random function in form-data CVE-2025-9287 — cipher-base: Cipher-base hash manipulation CVE-2025-9288 — sha.js: Missing type checks leading to hash rewind and passing on crafted data
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2025:23529
- externalhttps://access.redhat.com/security/cve/CVE-2023-44487
- externalhttps://access.redhat.com/security/cve/CVE-2025-7195
- externalhttps://access.redhat.com/security/cve/CVE-2025-7783
- externalhttps://access.redhat.com/security/cve/CVE-2025-9287
- externalhttps://access.redhat.com/security/cve/CVE-2025-9288
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://access.redhat.com/security/updates/classification/#important
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23529.json