CVE-2025-25208 — Vulnetix

CVE-2025-25208 PUBLISHED CVSS 5.699999809265137 MEDIUM

A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster

EPSS 0.05% · 15.2th percentile

Risk Scores

CVSS 3.1

5.699999809265137

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.05%

15.2th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Connectivity Link 1
		1.0.1, 1.0.1
github.com	kuadrant/authorino	0, 0

Exploit Intelligence

CIRCL seen: CVE-2025-25208 (circl-sighting)
https://access.redhat.com/security/cve/CVE-2025-25208 (circl)
RHBZ#2347436 (circl)

Timeline

Jun 9, 2025 CVE Published
Jun 9, 2025 EPSS Score
Jun 9, 2025 Coalition ESS Score
Jun 9, 2025 PoC Published
Jun 10, 2025 CVE Updated
Jun 20, 2025 EPSS Score
Jun 30, 2025 EPSS Score
Jul 11, 2025 EPSS Score
Jul 21, 2025 EPSS Score
Aug 1, 2025 EPSS Score
Aug 11, 2025 EPSS Score
Aug 22, 2025 EPSS Score

References

https://access.redhat.com/security/cve/CVE-2025-25208 vdb
RHBZ#2347436 issue
https://nvd.nist.gov/vuln/detail/CVE-2025-25208 advisory
https://github.com/Kuadrant/authorino package

Open in Interactive Console →

$ Console Community · 100/wk Open console ›