VDB

RHSA-2025%3A9136

RHSA-2025%3A9136 PUBLISHED CVSS 5.900000095367432 MEDIUM

A flaw was found in Kubernetes Windows nodes. This vulnerability allows a user with the ability to query a node's '/logs' endpoint to execute arbitrary commands on the host.

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/openshift4-wincw/windows-machine-config-rhel9-operator@sha256:c9a6166158e1ccb1764007d79c6e0f879505c3546eb45cbbe79ebeefcc78a728_amd64 as a component of OpenShift Windows Machine Config Operator 10.16*, *, *
Red Hatregistry.redhat.io/openshift4-wincw/windows-machine-config-rhel9-operator@sha256:c9a6166158e1ccb1764007d79c6e0f879505c3546eb45cbbe79ebeefcc78a728_amd64 as a component of OpenShift Windows Machine Config Operator 10.16registry.redhat.io/openshift4-wincw/windows-machine-config-rhel9-operator@sha256:c9a6166158e1ccb1764007d79c6e0f879505c3546eb45cbbe79ebeefcc78a728_amd64, registry.redhat.io/openshift4-wincw/windows-machine-config-rhel9-operator@sha256:c9a6166158e1ccb1764007d79c6e0f879505c3546eb45cbbe79ebeefcc78a728_amd64, *
Red HatOpenShift Windows Machine Config Operator
Red Hatregistry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle@sha256:ba052e0c411a5a43fe52eba3156701f8e6d1d11b987a9de617280f056bc804c4_amd64 as a component of OpenShift Windows Machine Config Operator 10.16*, *, registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle@sha256:ba052e0c411a5a43fe52eba3156701f8e6d1d11b987a9de617280f056bc804c4_amd64
Red Hatregistry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle@sha256:ba052e0c411a5a43fe52eba3156701f8e6d1d11b987a9de617280f056bc804c4_amd64 as a component of OpenShift Windows Machine Config Operator 10.16registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle@sha256:ba052e0c411a5a43fe52eba3156701f8e6d1d11b987a9de617280f056bc804c4_amd64, registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle@sha256:ba052e0c411a5a43fe52eba3156701f8e6d1d11b987a9de617280f056bc804c4_amd64, registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle@sha256:ba052e0c411a5a43fe52eba3156701f8e6d1d11b987a9de617280f056bc804c4_amd64

Timeline

  • Jun 16, 2025 CVE Published
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Jul 5, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›