VDB
ALSA-2025%3A9634
ALSA-2025%3A9634
PUBLISHED
Moderate: osbuild-composer security update
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| AlmaLinux:9 | osbuild-composer-worker | 0, 0 |
| AlmaLinux:9 | osbuild-composer-core | 0, 0 |
| AlmaLinux:9 | osbuild-composer | 0, 0 |
Exploit Intelligence
- yet-another-sort-grype.html (github-poc)
- yet-another-sort-grype.html (github-poc)
- request_smuggling.go (github-poc)
- request_smuggling.go (github-poc)
- .grype.yaml (github-poc)
- .grype.yaml (github-poc)
Timeline
- Jun 25, 2025 CVE Published
- Jun 30, 2025 CVE Updated
- Mar 6, 2026 Distribution Patch
- Mar 6, 2026 Distribution Patch
- Mar 6, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2025:9634 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-22871 third-party-advisory
- https://bugzilla.redhat.com/2358493 third-party-advisory
- https://errata.almalinux.org/9/ALSA-2025-9634.html vendor-advisory