VDB
RHSA-2025%3A3565
RHSA-2025%3A3565
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-service-ca-rhel9-operator@sha256:a20d3679a754d383a3a98b1266863cec0e54269e5a9ee862fb18104f39b49a5e_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | *, *, * |
| Red Hat | openshift4/ose-installer-altinfra-rhel9@sha256:fabf577016ed47db8a337e1e0a7850528d91e69d55c72c82875f6bb01a531077_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-installer-altinfra-rhel9@sha256:fabf577016ed47db8a337e1e0a7850528d91e69d55c72c82875f6bb01a531077_arm64, openshift4/ose-installer-altinfra-rhel9@sha256:fabf577016ed47db8a337e1e0a7850528d91e69d55c72c82875f6bb01a531077_arm64, openshift4/ose-installer-altinfra-rhel9@sha256:fabf577016ed47db8a337e1e0a7850528d91e69d55c72c82875f6bb01a531077_arm64 |
| Red Hat | openshift4/ose-cluster-network-rhel9-operator@sha256:94af888c71735513c0feefa9986053f9577a708197b86db706575f22666694f7_s390x as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-cluster-network-rhel9-operator@sha256:94af888c71735513c0feefa9986053f9577a708197b86db706575f22666694f7_s390x, openshift4/ose-cluster-network-rhel9-operator@sha256:94af888c71735513c0feefa9986053f9577a708197b86db706575f22666694f7_s390x, openshift4/ose-cluster-network-rhel9-operator@sha256:94af888c71735513c0feefa9986053f9577a708197b86db706575f22666694f7_s390x |
| Red Hat | openshift4/ose-hypershift-rhel9@sha256:a4866f8ed2d4ac87f1fb4af0514ee984c4e7769cdce75e8e55ae6aeed1469992_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-hypershift-rhel9@sha256:a4866f8ed2d4ac87f1fb4af0514ee984c4e7769cdce75e8e55ae6aeed1469992_arm64, *, openshift4/ose-hypershift-rhel9@sha256:a4866f8ed2d4ac87f1fb4af0514ee984c4e7769cdce75e8e55ae6aeed1469992_arm64 |
| Red Hat | openshift4/ose-cluster-samples-rhel9-operator@sha256:7de776c05301ddb4c3005a3a7d3440e1899371de9f72301fce4e5a151c95f694_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-cluster-samples-rhel9-operator@sha256:7de776c05301ddb4c3005a3a7d3440e1899371de9f72301fce4e5a151c95f694_arm64, *, openshift4/ose-cluster-samples-rhel9-operator@sha256:7de776c05301ddb4c3005a3a7d3440e1899371de9f72301fce4e5a151c95f694_arm64 |
| Red Hat | openshift4/ose-baremetal-installer-rhel9@sha256:1440f78a610b0205e9ee0ffab7a99c035f9fab456dec76fc804aa14f87efda8c_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-baremetal-installer-rhel9@sha256:1440f78a610b0205e9ee0ffab7a99c035f9fab456dec76fc804aa14f87efda8c_ppc64le, openshift4/ose-baremetal-installer-rhel9@sha256:1440f78a610b0205e9ee0ffab7a99c035f9fab456dec76fc804aa14f87efda8c_ppc64le, openshift4/ose-baremetal-installer-rhel9@sha256:1440f78a610b0205e9ee0ffab7a99c035f9fab456dec76fc804aa14f87efda8c_ppc64le |
| Red Hat | openshift4/ose-cloud-credential-rhel9-operator@sha256:25e855545dad6fa69ae7c6b2d71acab49536f37dcc21c3f8ef2261a223d6eb1d_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-cloud-credential-rhel9-operator@sha256:25e855545dad6fa69ae7c6b2d71acab49536f37dcc21c3f8ef2261a223d6eb1d_ppc64le, *, openshift4/ose-cloud-credential-rhel9-operator@sha256:25e855545dad6fa69ae7c6b2d71acab49536f37dcc21c3f8ef2261a223d6eb1d_ppc64le |
| Red Hat | openshift4/ose-ironic-rhel9@sha256:af398edf44d883549d223fe002cc4b891b42c08eb5fb00436036a7665fc83eb9_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-ironic-rhel9@sha256:af398edf44d883549d223fe002cc4b891b42c08eb5fb00436036a7665fc83eb9_arm64, *, * |
| Red Hat | openshift4/ose-machine-config-rhel9-operator@sha256:ad7496211ecceec6768ad11f58250c19775bf4688d17d8727ddf6ce6f19407be_s390x as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-machine-config-rhel9-operator@sha256:ad7496211ecceec6768ad11f58250c19775bf4688d17d8727ddf6ce6f19407be_s390x, openshift4/ose-machine-config-rhel9-operator@sha256:ad7496211ecceec6768ad11f58250c19775bf4688d17d8727ddf6ce6f19407be_s390x, openshift4/ose-machine-config-rhel9-operator@sha256:ad7496211ecceec6768ad11f58250c19775bf4688d17d8727ddf6ce6f19407be_s390x |
| Red Hat | openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:80039d520659915a61695bb747714a3fb445791a1ee9d0b27e5f0a96a31131fa_s390x as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:80039d520659915a61695bb747714a3fb445791a1ee9d0b27e5f0a96a31131fa_s390x, *, openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:80039d520659915a61695bb747714a3fb445791a1ee9d0b27e5f0a96a31131fa_s390x |
| Red Hat | openshift4/ose-tests-rhel9@sha256:23c2f43aa987eb6ee06ce77411279135192936b02ad8c0bfcf49685e6f89d581_s390x as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-tests-rhel9@sha256:23c2f43aa987eb6ee06ce77411279135192936b02ad8c0bfcf49685e6f89d581_s390x, openshift4/ose-tests-rhel9@sha256:23c2f43aa987eb6ee06ce77411279135192936b02ad8c0bfcf49685e6f89d581_s390x, openshift4/ose-tests-rhel9@sha256:23c2f43aa987eb6ee06ce77411279135192936b02ad8c0bfcf49685e6f89d581_s390x |
| Red Hat | openshift4/ose-tests-rhel9@sha256:33f0c8914e3eebcfb6178bd3275edb96905a995a1d36be722563f3cedf346f32_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-tests-rhel9@sha256:33f0c8914e3eebcfb6178bd3275edb96905a995a1d36be722563f3cedf346f32_ppc64le, openshift4/ose-tests-rhel9@sha256:33f0c8914e3eebcfb6178bd3275edb96905a995a1d36be722563f3cedf346f32_ppc64le, openshift4/ose-tests-rhel9@sha256:33f0c8914e3eebcfb6178bd3275edb96905a995a1d36be722563f3cedf346f32_ppc64le |
| Red Hat | openshift4/ose-cloud-credential-rhel9-operator@sha256:af4eb215e629922be2b7e2d1f7de69be3aeb05db7c45321da70887e65b7950e6_s390x as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-cloud-credential-rhel9-operator@sha256:af4eb215e629922be2b7e2d1f7de69be3aeb05db7c45321da70887e65b7950e6_s390x, *, openshift4/ose-cloud-credential-rhel9-operator@sha256:af4eb215e629922be2b7e2d1f7de69be3aeb05db7c45321da70887e65b7950e6_s390x |
| Red Hat | openshift4/ose-installer-rhel9@sha256:00c32aeea5f5782473f39f411f00bbb6b2068f06c449e7f4c0d015e9aeaa7856_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-installer-rhel9@sha256:00c32aeea5f5782473f39f411f00bbb6b2068f06c449e7f4c0d015e9aeaa7856_ppc64le, openshift4/ose-installer-rhel9@sha256:00c32aeea5f5782473f39f411f00bbb6b2068f06c449e7f4c0d015e9aeaa7856_ppc64le, openshift4/ose-installer-rhel9@sha256:00c32aeea5f5782473f39f411f00bbb6b2068f06c449e7f4c0d015e9aeaa7856_ppc64le |
| Red Hat | openshift4/ose-installer-artifacts-rhel9@sha256:ac70c909a3adc3217ff1787ba1115727690fe63b5ea68e91618a2350223c4d5b_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-installer-artifacts-rhel9@sha256:ac70c909a3adc3217ff1787ba1115727690fe63b5ea68e91618a2350223c4d5b_arm64, openshift4/ose-installer-artifacts-rhel9@sha256:ac70c909a3adc3217ff1787ba1115727690fe63b5ea68e91618a2350223c4d5b_arm64, openshift4/ose-installer-artifacts-rhel9@sha256:ac70c909a3adc3217ff1787ba1115727690fe63b5ea68e91618a2350223c4d5b_arm64 |
| Red Hat | openshift4/ose-docker-builder-rhel9@sha256:df428f1cfa76c3c471ef2cc23d0b5d70f99a0fe540e7e7c626ee86a876ba0eb5_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-docker-builder-rhel9@sha256:df428f1cfa76c3c471ef2cc23d0b5d70f99a0fe540e7e7c626ee86a876ba0eb5_ppc64le, openshift4/ose-docker-builder-rhel9@sha256:df428f1cfa76c3c471ef2cc23d0b5d70f99a0fe540e7e7c626ee86a876ba0eb5_ppc64le, * |
| Red Hat | openshift4/ose-machine-config-rhel9-operator@sha256:21005d09c99222a70c40667cddc57ff97748e884f7ca1b14f5f4eff55c608dbd_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-machine-config-rhel9-operator@sha256:21005d09c99222a70c40667cddc57ff97748e884f7ca1b14f5f4eff55c608dbd_amd64, openshift4/ose-machine-config-rhel9-operator@sha256:21005d09c99222a70c40667cddc57ff97748e884f7ca1b14f5f4eff55c608dbd_amd64, openshift4/ose-machine-config-rhel9-operator@sha256:21005d09c99222a70c40667cddc57ff97748e884f7ca1b14f5f4eff55c608dbd_amd64 |
| Red Hat | openshift4/ose-service-ca-rhel9-operator@sha256:a20d3679a754d383a3a98b1266863cec0e54269e5a9ee862fb18104f39b49a5e_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-service-ca-rhel9-operator@sha256:a20d3679a754d383a3a98b1266863cec0e54269e5a9ee862fb18104f39b49a5e_ppc64le, openshift4/ose-service-ca-rhel9-operator@sha256:a20d3679a754d383a3a98b1266863cec0e54269e5a9ee862fb18104f39b49a5e_ppc64le, openshift4/ose-service-ca-rhel9-operator@sha256:a20d3679a754d383a3a98b1266863cec0e54269e5a9ee862fb18104f39b49a5e_ppc64le |
| Red Hat | openshift4/ose-networking-console-plugin-rhel9@sha256:901c59ea45ca50177fbefdc3d7bca57b701fbe71a02040b0c8fe213d2629e216_s390x as a component of Red Hat OpenShift Container Platform 4.17 | *, openshift4/ose-networking-console-plugin-rhel9@sha256:901c59ea45ca50177fbefdc3d7bca57b701fbe71a02040b0c8fe213d2629e216_s390x, openshift4/ose-networking-console-plugin-rhel9@sha256:901c59ea45ca50177fbefdc3d7bca57b701fbe71a02040b0c8fe213d2629e216_s390x |
| Red Hat | openshift4/ose-hyperkube-rhel9@sha256:be6d0071f11769b8132ee98a9a04e1fe6354327ab5a0c9e620eb5c4b40d28545_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | openshift4/ose-hyperkube-rhel9@sha256:be6d0071f11769b8132ee98a9a04e1fe6354327ab5a0c9e620eb5c4b40d28545_ppc64le, openshift4/ose-hyperkube-rhel9@sha256:be6d0071f11769b8132ee98a9a04e1fe6354327ab5a0c9e620eb5c4b40d28545_ppc64le, openshift4/ose-hyperkube-rhel9@sha256:be6d0071f11769b8132ee98a9a04e1fe6354327ab5a0c9e620eb5c4b40d28545_ppc64le |
…and 176 more
Timeline
- Apr 9, 2025 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:3565 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2354195 issue
- https://issues.redhat.com/browse/OCPBUGS-34228 advisory
- https://issues.redhat.com/browse/OCPBUGS-51277 advisory
- https://issues.redhat.com/browse/OCPBUGS-52951 advisory
- https://issues.redhat.com/browse/OCPBUGS-53378 advisory
- https://issues.redhat.com/browse/OCPBUGS-54357 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3565.json advisory
- https://access.redhat.com/security/cve/CVE-2025-30204 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-30204 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-30204 advisory
- https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3 advisory
- https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp advisory
- https://pkg.go.dev/vuln/GO-2025-3553 advisory