Risk Scores
CVSS v3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.04%
11.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | redhat-developer/gitops-operator | 0 |
| redhat-developer | gitops-operator | 0 |
| Red Hat | Red Hat OpenShift GitOps 1.16 | sha256:c41c99f360a2515bce55c42e309e2c72500ba66d3a2c461412dee7de5ea9a9fa |
| Red Hat | Red Hat OpenShift GitOps 1.17 | sha256:27e7a59bb5c5f60be7509e5f4f07f4181d62e6583a943c46f56f568bfc30c2c1 |
| Red Hat | Red Hat OpenShift GitOps | |
| Red Hat | Red Hat OpenShift GitOps 1.18 | sha256:3eb6308c58365182b4b5b5aabf35754d821e25b8a04b0595900fb47d52cd3ecc, sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300 |
Timeline
- May 26, 2025 Fix PR Merged
- Dec 15, 2025 CVE Published
- Dec 16, 2025 EPSS Score
- Dec 16, 2025 PoC Published
- Dec 19, 2025 EPSS Score
- Dec 23, 2025 EPSS Score
- Dec 26, 2025 EPSS Score
- Dec 30, 2025 EPSS Score
- Jan 2, 2026 EPSS Score
- Jan 5, 2026 EPSS Score
- Jan 9, 2026 EPSS Score
- Jan 12, 2026 EPSS Score
References
- RHSA-2025:23203 vendor-advisory
- RHSA-2025:23206 vendor-advisory
- RHSA-2025:23207 vendor-advisory
- RHSA-2026:1017 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-13888 vdb
- RHBZ#2418361 issue
- https://github.com/redhat-developer/gitops-operator/commit/bc6ac3e03d7c8b3db5d8f1770c868396a4c2dcef url
- https://github.com/redhat-developer/gitops-operator/pull/897 url
- https://github.com/redhat-developer/gitops-operator/releases/tag/v1.16.2 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-13888 advisory
- https://github.com/redhat-developer/gitops-operator package