RHSA-2025:8691
PUBLISHED
CVSS 5.4 MEDIUM
A flaw was found in the Go net/http package. The package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling, where an attacker tricks the system into sending hidden or unauthorized requests.
Risk Scores
CVSS 3.1
5.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | `rhacm2/nettest-rhel9`, `rhacm2/subctl-rhel9`, `rhacm2/lighthouse-agent-rhel9`, `rhacm2/lighthouse-coredns-rhel9`, `rhacm2/submariner-gateway-rhel9`, `rhacm2/submariner-globalnet-rhel9`, `rhacm2/submariner-route-agent-rhel9`, `rhacm2/submariner-rhel9-operator` and `rhacm2/submariner-operator-bundle` container images (amd64, arm64, ppc64le and s390x builds), each as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9 | Identified per image by sha256 digest |

The source listing shows 20 image entries and notes 52 more.
Exploit Intelligence
- yet-another-sort-grype.html (github-poc)
- go.yml (github-poc)
- request_smuggling.go (github-poc)
- .grype.yaml (github-poc)
Timeline
- Jun 9, 2025 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- May 28, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:8691 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2354195 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2358493 issue
- https://issues.redhat.com/browse/ACM-20580 advisory
- https://issues.redhat.com/browse/HYPBLD-664 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8691.json advisory
- https://access.redhat.com/security/cve/CVE-2025-22871 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-22871 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-22871 advisory
- https://go.dev/cl/652998 advisory
- https://go.dev/issue/71988 advisory
- https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk advisory
- https://pkg.go.dev/vuln/GO-2025-3563 advisory
- https://access.redhat.com/security/cve/CVE-2025-30204 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-30204 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-30204 advisory
- https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3 advisory
- https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp advisory
- https://pkg.go.dev/vuln/GO-2025-3553 advisory