VDB
RHSA-2025%3A4502
RHSA-2025%3A4502
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhacm2/iam-policy-controller-rhel9@sha256:64da152f4ad86ba6fed41f6164a85bbde9ea2013a87cd289f7885cc48e3e336c_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | rhacm2/iam-policy-controller-rhel9@sha256:64da152f4ad86ba6fed41f6164a85bbde9ea2013a87cd289f7885cc48e3e336c_s390x, rhacm2/iam-policy-controller-rhel9@sha256:64da152f4ad86ba6fed41f6164a85bbde9ea2013a87cd289f7885cc48e3e336c_s390x, rhacm2/iam-policy-controller-rhel9@sha256:64da152f4ad86ba6fed41f6164a85bbde9ea2013a87cd289f7885cc48e3e336c_s390x |
| Red Hat | rhacm2/acm-prometheus-config-reloader-rhel9@sha256:7ba6f25328c669535a8f57ebbbefaa69de866d0645c833ffaa61b404dfdc4e01_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | rhacm2/acm-prometheus-config-reloader-rhel9@sha256:7ba6f25328c669535a8f57ebbbefaa69de866d0645c833ffaa61b404dfdc4e01_ppc64le, rhacm2/acm-prometheus-config-reloader-rhel9@sha256:7ba6f25328c669535a8f57ebbbefaa69de866d0645c833ffaa61b404dfdc4e01_ppc64le, * |
| Red Hat | rhacm2/multicloud-integrations-rhel9@sha256:a79fb16c1a9622daa6a3321d4bf5c33395919395244fe02026e047a8952726bf_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | rhacm2/multicloud-integrations-rhel9@sha256:a79fb16c1a9622daa6a3321d4bf5c33395919395244fe02026e047a8952726bf_ppc64le, rhacm2/multicloud-integrations-rhel9@sha256:a79fb16c1a9622daa6a3321d4bf5c33395919395244fe02026e047a8952726bf_ppc64le, * |
| Red Hat | rhacm2/node-exporter-rhel9@sha256:c807f86a7cc10cf3c1f4522cc283cf88c54eaf292a9287357259e3247c64625b_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | rhacm2/node-exporter-rhel9@sha256:c807f86a7cc10cf3c1f4522cc283cf88c54eaf292a9287357259e3247c64625b_s390x, *, * |
| Red Hat | rhacm2/rbac-query-proxy-rhel9@sha256:8d56746fe5a8f43cabafb88dab77daeef0d1ed64d5508cc9799ff84bda11bdbe_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | *, *, rhacm2/rbac-query-proxy-rhel9@sha256:8d56746fe5a8f43cabafb88dab77daeef0d1ed64d5508cc9799ff84bda11bdbe_s390x |
| Red Hat | rhacm2/acm-governance-policy-addon-controller-rhel9@sha256:88d17ea71ed0b440c3efd893f93ac2b95bc6de7ab94f5c543c9facd6a3438204_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | *, *, * |
| Red Hat | rhacm2/acm-volsync-addon-controller-rhel9@sha256:2b7a8abaf801e2c17212cdc97c66470c8bed8cb721fd6f40c3ee552aa758b728_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | *, *, rhacm2/acm-volsync-addon-controller-rhel9@sha256:2b7a8abaf801e2c17212cdc97c66470c8bed8cb721fd6f40c3ee552aa758b728_amd64 |
| Red Hat | rhacm2/acm-prometheus-config-reloader-rhel9@sha256:30c22c44b24dcb7318f67dcafbc1d4149555196db9db0701f20a45e994e82d6d_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | *, rhacm2/acm-prometheus-config-reloader-rhel9@sha256:30c22c44b24dcb7318f67dcafbc1d4149555196db9db0701f20a45e994e82d6d_arm64, rhacm2/acm-prometheus-config-reloader-rhel9@sha256:30c22c44b24dcb7318f67dcafbc1d4149555196db9db0701f20a45e994e82d6d_arm64 |
| Red Hat | rhacm2/kube-rbac-proxy-rhel9@sha256:937a8eb583e1516d3f13b6275ba81fdfcaf79f7da06282d1f11b616e48b20a12_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | rhacm2/kube-rbac-proxy-rhel9@sha256:937a8eb583e1516d3f13b6275ba81fdfcaf79f7da06282d1f11b616e48b20a12_ppc64le, rhacm2/kube-rbac-proxy-rhel9@sha256:937a8eb583e1516d3f13b6275ba81fdfcaf79f7da06282d1f11b616e48b20a12_ppc64le, rhacm2/kube-rbac-proxy-rhel9@sha256:937a8eb583e1516d3f13b6275ba81fdfcaf79f7da06282d1f11b616e48b20a12_ppc64le |
| Red Hat | rhacm2/config-policy-controller-rhel9@sha256:e5cb64e892c3bccc18045821c594121a89311118008a9ec548ad8b915fd6e47e_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | rhacm2/config-policy-controller-rhel9@sha256:e5cb64e892c3bccc18045821c594121a89311118008a9ec548ad8b915fd6e47e_s390x, rhacm2/config-policy-controller-rhel9@sha256:e5cb64e892c3bccc18045821c594121a89311118008a9ec548ad8b915fd6e47e_s390x, rhacm2/config-policy-controller-rhel9@sha256:e5cb64e892c3bccc18045821c594121a89311118008a9ec548ad8b915fd6e47e_s390x |
| Red Hat | rhacm2/acm-cluster-permission-rhel9@sha256:b6159952750ba483113767c826a7d71bd12e0f2fb442bf6912a7e041d8242732_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | rhacm2/acm-cluster-permission-rhel9@sha256:b6159952750ba483113767c826a7d71bd12e0f2fb442bf6912a7e041d8242732_amd64, rhacm2/acm-cluster-permission-rhel9@sha256:b6159952750ba483113767c826a7d71bd12e0f2fb442bf6912a7e041d8242732_amd64, rhacm2/acm-cluster-permission-rhel9@sha256:b6159952750ba483113767c826a7d71bd12e0f2fb442bf6912a7e041d8242732_amd64 |
| Red Hat | rhacm2/thanos-receive-controller-rhel9@sha256:96a8550135e93eb5375f7874f63832c54bee7da9a64ee95cb403474b864f1f26_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | *, *, * |
| Red Hat | rhacm2/console-rhel9@sha256:d720f0b2a9f24b9d6fca60d8765dd1675611da708259e13375ad86855808aa6d_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | rhacm2/console-rhel9@sha256:d720f0b2a9f24b9d6fca60d8765dd1675611da708259e13375ad86855808aa6d_s390x, *, rhacm2/console-rhel9@sha256:d720f0b2a9f24b9d6fca60d8765dd1675611da708259e13375ad86855808aa6d_s390x |
| Red Hat | rhacm2/acm-cluster-permission-rhel9@sha256:017c8418d8d57ca97e30717338657999336bb7c899e45ed1503c6b8effbaaa75_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | rhacm2/acm-cluster-permission-rhel9@sha256:017c8418d8d57ca97e30717338657999336bb7c899e45ed1503c6b8effbaaa75_arm64, rhacm2/acm-cluster-permission-rhel9@sha256:017c8418d8d57ca97e30717338657999336bb7c899e45ed1503c6b8effbaaa75_arm64, rhacm2/acm-cluster-permission-rhel9@sha256:017c8418d8d57ca97e30717338657999336bb7c899e45ed1503c6b8effbaaa75_arm64 |
| Red Hat | rhacm2/prometheus-alertmanager-rhel9@sha256:3438b88d687029d0c74d2363cb8364efa38908a685de730fbe575b5bd554bf0b_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | *, *, rhacm2/prometheus-alertmanager-rhel9@sha256:3438b88d687029d0c74d2363cb8364efa38908a685de730fbe575b5bd554bf0b_arm64 |
| Red Hat | rhacm2/multiclusterhub-rhel9@sha256:1724fa200f77e1e424162cf5a14911974f22b648f5be56c97097266ad1f1b5cd_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | rhacm2/multiclusterhub-rhel9@sha256:1724fa200f77e1e424162cf5a14911974f22b648f5be56c97097266ad1f1b5cd_arm64, *, rhacm2/multiclusterhub-rhel9@sha256:1724fa200f77e1e424162cf5a14911974f22b648f5be56c97097266ad1f1b5cd_arm64 |
| Red Hat | rhacm2/console-rhel9@sha256:d0128fa2853190d849d2800435caab91f1f65acc9ed052f9517b6833990a6a16_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | rhacm2/console-rhel9@sha256:d0128fa2853190d849d2800435caab91f1f65acc9ed052f9517b6833990a6a16_ppc64le, rhacm2/console-rhel9@sha256:d0128fa2853190d849d2800435caab91f1f65acc9ed052f9517b6833990a6a16_ppc64le, * |
| Red Hat | rhacm2/memcached-rhel9@sha256:1e92711dafd8a63db60c1d109edfd3a948480d71d43a6f504af8f9154df66fa0_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | rhacm2/memcached-rhel9@sha256:1e92711dafd8a63db60c1d109edfd3a948480d71d43a6f504af8f9154df66fa0_arm64, *, rhacm2/memcached-rhel9@sha256:1e92711dafd8a63db60c1d109edfd3a948480d71d43a6f504af8f9154df66fa0_arm64 |
| Red Hat | rhacm2/cluster-backup-rhel9-operator@sha256:78d3cbe57b74b2a1ce3034e9b5f57ba9cd4a7b23b0fac463dc2b63f613daefb1_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | *, *, rhacm2/cluster-backup-rhel9-operator@sha256:78d3cbe57b74b2a1ce3034e9b5f57ba9cd4a7b23b0fac463dc2b63f613daefb1_arm64 |
| Red Hat | rhacm2/multicluster-operators-application-rhel9@sha256:b91fd3b200600cac0c49a910f6b05007c6e9a63dcbc7ff334e246f2eafdbd806_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | rhacm2/multicluster-operators-application-rhel9@sha256:b91fd3b200600cac0c49a910f6b05007c6e9a63dcbc7ff334e246f2eafdbd806_amd64, *, * |
…and 330 more
Timeline
- May 6, 2025 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Jun 18, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:4502 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/release_notes/ advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2348367 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2354195 issue
- https://issues.redhat.com/browse/ACM-10166 advisory
- https://issues.redhat.com/browse/ACM-17998 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4502.json advisory
- https://access.redhat.com/security/cve/CVE-2025-22869 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-22869 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-22869 advisory
- https://go.dev/cl/652135 advisory
- https://go.dev/issue/71931 advisory
- https://pkg.go.dev/vuln/GO-2025-3487 advisory
- https://access.redhat.com/security/cve/CVE-2025-30204 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-30204 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-30204 advisory
- https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3 advisory
- https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp advisory
- https://pkg.go.dev/vuln/GO-2025-3553 advisory