VDB
RHSA-2025%3A4002
RHSA-2025%3A4002
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhacm2/cluster-backup-rhel9-operator@sha256:9238ce54c347e11711dc0ec767fa648a1f864f4e07d9c136c5cf92d6fbe9bd28_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | rhacm2/cluster-backup-rhel9-operator@sha256:9238ce54c347e11711dc0ec767fa648a1f864f4e07d9c136c5cf92d6fbe9bd28_ppc64le, *, * |
| Red Hat | rhacm2/acm-grafana-rhel9@sha256:cba571ae8578ef23b8961d060766ecfbcb88a17bf84b99fc2b032a06d13eb14a_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | *, rhacm2/acm-grafana-rhel9@sha256:cba571ae8578ef23b8961d060766ecfbcb88a17bf84b99fc2b032a06d13eb14a_arm64, rhacm2/acm-grafana-rhel9@sha256:cba571ae8578ef23b8961d060766ecfbcb88a17bf84b99fc2b032a06d13eb14a_arm64 |
| Red Hat | rhacm2/cert-policy-controller-rhel9@sha256:1a2b44982a8fd390cb1ca0ee16968101c7b5066b766d571df6d8a2d4550f5bd9_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | rhacm2/cert-policy-controller-rhel9@sha256:1a2b44982a8fd390cb1ca0ee16968101c7b5066b766d571df6d8a2d4550f5bd9_arm64, *, * |
| Red Hat | rhacm2/thanos-receive-controller-rhel9@sha256:cd4530891ddb67b1c1e1cbce6b34def31cc9b5db5a4df4e603a7cbfae8de9d35_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | *, rhacm2/thanos-receive-controller-rhel9@sha256:cd4530891ddb67b1c1e1cbce6b34def31cc9b5db5a4df4e603a7cbfae8de9d35_s390x, * |
| Red Hat | rhacm2/multicluster-observability-rhel9-operator@sha256:1925700225f91d1997e5d06b330e6d15224ce13773296fb3f7f5fd6a521311e5_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | *, rhacm2/multicluster-observability-rhel9-operator@sha256:1925700225f91d1997e5d06b330e6d15224ce13773296fb3f7f5fd6a521311e5_s390x, rhacm2/multicluster-observability-rhel9-operator@sha256:1925700225f91d1997e5d06b330e6d15224ce13773296fb3f7f5fd6a521311e5_s390x |
| Red Hat | rhacm2/search-collector-rhel9@sha256:ad2018f6cc060f8dbee32fab7883700878abd7bd4125e7d9e3f49e4ba1677bc1_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | rhacm2/search-collector-rhel9@sha256:ad2018f6cc060f8dbee32fab7883700878abd7bd4125e7d9e3f49e4ba1677bc1_arm64, *, * |
| Red Hat | rhacm2/klusterlet-addon-controller-rhel9@sha256:95e57fa1c4e73cd4ca66c570dd8581713a1261534927c62b8c6573afd3b6aa49_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | rhacm2/klusterlet-addon-controller-rhel9@sha256:95e57fa1c4e73cd4ca66c570dd8581713a1261534927c62b8c6573afd3b6aa49_s390x, rhacm2/klusterlet-addon-controller-rhel9@sha256:95e57fa1c4e73cd4ca66c570dd8581713a1261534927c62b8c6573afd3b6aa49_s390x, rhacm2/klusterlet-addon-controller-rhel9@sha256:95e57fa1c4e73cd4ca66c570dd8581713a1261534927c62b8c6573afd3b6aa49_s390x |
| Red Hat | rhacm2/cert-policy-controller-rhel9@sha256:883b92598fef212dca4940cebacf15911f1862e6290db891cfc36072276c7568_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | rhacm2/cert-policy-controller-rhel9@sha256:883b92598fef212dca4940cebacf15911f1862e6290db891cfc36072276c7568_ppc64le, rhacm2/cert-policy-controller-rhel9@sha256:883b92598fef212dca4940cebacf15911f1862e6290db891cfc36072276c7568_ppc64le, rhacm2/cert-policy-controller-rhel9@sha256:883b92598fef212dca4940cebacf15911f1862e6290db891cfc36072276c7568_ppc64le |
| Red Hat | rhacm2/multicloud-integrations-rhel9@sha256:02d821166c4277e3b0d6f2b1aa872f920f31f386a9e0f67926957ce9506a56b9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | rhacm2/multicloud-integrations-rhel9@sha256:02d821166c4277e3b0d6f2b1aa872f920f31f386a9e0f67926957ce9506a56b9_amd64, rhacm2/multicloud-integrations-rhel9@sha256:02d821166c4277e3b0d6f2b1aa872f920f31f386a9e0f67926957ce9506a56b9_amd64, rhacm2/multicloud-integrations-rhel9@sha256:02d821166c4277e3b0d6f2b1aa872f920f31f386a9e0f67926957ce9506a56b9_amd64 |
| Red Hat | rhacm2/acm-search-v2-rhel9@sha256:6b339ac241962bdfe0f3a36e2170cb629bf36b2067619cad092ada75724e1b5e_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | rhacm2/acm-search-v2-rhel9@sha256:6b339ac241962bdfe0f3a36e2170cb629bf36b2067619cad092ada75724e1b5e_ppc64le, rhacm2/acm-search-v2-rhel9@sha256:6b339ac241962bdfe0f3a36e2170cb629bf36b2067619cad092ada75724e1b5e_ppc64le, * |
| Red Hat | rhacm2/acm-cluster-permission-rhel9@sha256:6a5158e9448c2e13c12ddcec134989927b2cbf2df2aeaafb12175ce9cb57f643_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | *, *, rhacm2/acm-cluster-permission-rhel9@sha256:6a5158e9448c2e13c12ddcec134989927b2cbf2df2aeaafb12175ce9cb57f643_arm64 |
| Red Hat | rhacm2/multicluster-observability-rhel9-operator@sha256:085f0362753605c76602430a5103d9b261a8034afdea33fc4247246b3c5bb887_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | *, rhacm2/multicluster-observability-rhel9-operator@sha256:085f0362753605c76602430a5103d9b261a8034afdea33fc4247246b3c5bb887_arm64, rhacm2/multicluster-observability-rhel9-operator@sha256:085f0362753605c76602430a5103d9b261a8034afdea33fc4247246b3c5bb887_arm64 |
| Red Hat | rhacm2/rbac-query-proxy-rhel9@sha256:a87ab104dd8890cd9773a1f1ba40d6b0033e50ac61b54a723061d6bb91de9b31_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | rhacm2/rbac-query-proxy-rhel9@sha256:a87ab104dd8890cd9773a1f1ba40d6b0033e50ac61b54a723061d6bb91de9b31_arm64, rhacm2/rbac-query-proxy-rhel9@sha256:a87ab104dd8890cd9773a1f1ba40d6b0033e50ac61b54a723061d6bb91de9b31_arm64, rhacm2/rbac-query-proxy-rhel9@sha256:a87ab104dd8890cd9773a1f1ba40d6b0033e50ac61b54a723061d6bb91de9b31_arm64 |
| Red Hat | rhacm2/acm-governance-policy-addon-controller-rhel9@sha256:b9cfe9b6a945da7923b358f494e0cd212c8b6eb77d5e8580616d206c6b941d27_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | *, rhacm2/acm-governance-policy-addon-controller-rhel9@sha256:b9cfe9b6a945da7923b358f494e0cd212c8b6eb77d5e8580616d206c6b941d27_arm64, rhacm2/acm-governance-policy-addon-controller-rhel9@sha256:b9cfe9b6a945da7923b358f494e0cd212c8b6eb77d5e8580616d206c6b941d27_arm64 |
| Red Hat | rhacm2/rbac-query-proxy-rhel9@sha256:c2972e453d001cf38007e4a127b66f7f71c4f0b0055da7447e623f25944de0e5_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | rhacm2/rbac-query-proxy-rhel9@sha256:c2972e453d001cf38007e4a127b66f7f71c4f0b0055da7447e623f25944de0e5_s390x, *, rhacm2/rbac-query-proxy-rhel9@sha256:c2972e453d001cf38007e4a127b66f7f71c4f0b0055da7447e623f25944de0e5_s390x |
| Red Hat | rhacm2/thanos-receive-controller-rhel9@sha256:94cb7a68a23ce20d1442d60e9c3ef2fe6cf51d40721927c43aeb61c5175e7ca4_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | *, rhacm2/thanos-receive-controller-rhel9@sha256:94cb7a68a23ce20d1442d60e9c3ef2fe6cf51d40721927c43aeb61c5175e7ca4_amd64, rhacm2/thanos-receive-controller-rhel9@sha256:94cb7a68a23ce20d1442d60e9c3ef2fe6cf51d40721927c43aeb61c5175e7ca4_amd64 |
| Red Hat | rhacm2/multicluster-observability-rhel9-operator@sha256:085f0362753605c76602430a5103d9b261a8034afdea33fc4247246b3c5bb887_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | rhacm2/multicluster-observability-rhel9-operator@sha256:085f0362753605c76602430a5103d9b261a8034afdea33fc4247246b3c5bb887_arm64, *, rhacm2/multicluster-observability-rhel9-operator@sha256:085f0362753605c76602430a5103d9b261a8034afdea33fc4247246b3c5bb887_arm64 |
| Red Hat | rhacm2/console-rhel9@sha256:4af2b7851dfc52a25bc7740d5a27754f617166c88e1d52dfb09ca9bfdd391e54_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | *, *, rhacm2/console-rhel9@sha256:4af2b7851dfc52a25bc7740d5a27754f617166c88e1d52dfb09ca9bfdd391e54_amd64 |
| Red Hat | rhacm2/endpoint-monitoring-rhel9-operator@sha256:a8c452ac9836900d87d2fb3c03732ca49356c3ea1c1e0168d5149f88054e3073_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | *, rhacm2/endpoint-monitoring-rhel9-operator@sha256:a8c452ac9836900d87d2fb3c03732ca49356c3ea1c1e0168d5149f88054e3073_amd64, rhacm2/endpoint-monitoring-rhel9-operator@sha256:a8c452ac9836900d87d2fb3c03732ca49356c3ea1c1e0168d5149f88054e3073_amd64 |
| Red Hat | rhacm2/acm-cluster-permission-rhel9@sha256:be6105c9172a0740c4465f62132766db56d65f9014b02d124839aaa7efd23fa1_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | rhacm2/acm-cluster-permission-rhel9@sha256:be6105c9172a0740c4465f62132766db56d65f9014b02d124839aaa7efd23fa1_amd64, *, rhacm2/acm-cluster-permission-rhel9@sha256:be6105c9172a0740c4465f62132766db56d65f9014b02d124839aaa7efd23fa1_amd64 |
…and 347 more
Timeline
- Apr 17, 2025 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Jun 18, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:4002 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2348366 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2348367 issue
- https://issues.redhat.com/browse/ACM-11757 advisory
- https://issues.redhat.com/browse/ACM-16238 advisory
- https://issues.redhat.com/browse/ACM-16493 advisory
- https://issues.redhat.com/browse/ACM-17065 advisory
- https://issues.redhat.com/browse/ACM-17553 advisory
- https://issues.redhat.com/browse/ACM-17877 advisory
- https://issues.redhat.com/browse/ACM-18000 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4002.json advisory
- https://access.redhat.com/security/cve/CVE-2025-22868 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-22868 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-22868 advisory
- https://go.dev/cl/652155 advisory
- https://go.dev/issue/71490 advisory
- https://pkg.go.dev/vuln/GO-2025-3488 advisory
- https://access.redhat.com/security/cve/CVE-2025-22869 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-22869 advisory
…and 4 more