VDB

RHSA-2025%3A9340

RHSA-2025%3A9340 PUBLISHED CVSS 6.900000095367432 MEDIUM

A vulnerability was found in github.com/moby/moby. The classic builder cache system in moby is vulnerable to cache poisoning if the image is built using a 'FROM scratch' in Dockerfile. This flaw allows an attacker who has knowledge of the Dockerfile to create a malicious cache that would be pulled and considered a valid cache candidate for some build steps. This only affects one if using DOCKER_BUILDKIT=0 or using the /build API endpoint.

Risk Scores

CVSS 3.1
6.900000095367432
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

Affected Products

VendorProductVersions
Red Hatrhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64 as a component of Red Hat Ceph Storage 7.1 Toolsrhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64
Red Hatrhceph/grafana-rhel9@sha256:c859e444f7bb21fd256cd8ef83ef51d15dfc7d8c4f2d6f4772b3d218190117e8_s390x as a component of Red Hat Ceph Storage 7.1 Tools*, *
Red Hatrhceph/rhceph-haproxy-rhel9@sha256:9df9046c047fa391981c49f6d8c5ae41edb2499c6b3638cc81645dd56a5feeb8_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools*, *
Red Hatrhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x as a component of Red Hat Ceph Storage 7.1 Tools*, *
Red Hatrhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64 as a component of Red Hat Ceph Storage 7.1 Toolsrhceph/rhceph-haproxy-rhel9@sha256:9a71b8abd2887fd7a655c9ae7863e82b49e155b388c093d52a093d2babd5e487_amd64
Red Hatrhceph/snmp-notifier-rhel9@sha256:8c5ce24d60cf2a97900ad1578a763cd4900ad4c8610768678eefc01665d28f73_s390x as a component of Red Hat Ceph Storage 7.1 Tools*, *
Red Hatrhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x as a component of Red Hat Ceph Storage 7.1 Toolsrhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x
Red Hatrhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le as a component of Red Hat Ceph Storage 7.1 Toolsrhceph/grafana-rhel9@sha256:066bb8a930f61443a74e3f505f73f6a9ceeea92c2b432f33bf720650cb79ae55_ppc64le
Red Hatrhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x as a component of Red Hat Ceph Storage 7.1 Toolsrhceph/rhceph-7-rhel9@sha256:8710b615cf78b3fcb6c595ec7a63011aecac28f6c67fbcee43dc7850a610618a_s390x
Red Hatrhceph/rhceph-haproxy-rhel9@sha256:0f1fa04728f9aa983409d37397cfe8b2a5c913d9ce15539f04c49c6d29e34fba_s390x as a component of Red Hat Ceph Storage 7.1 Tools*, *
Red Hatrhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64 as a component of Red Hat Ceph Storage 7.1 Toolsrhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64
Red Hatrhceph/rhceph-promtail-rhel9@sha256:93b6a27d2e49bb3c430a25ac474d229c2e77a26a396825a713f0cceb4b20ce1e_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools*, *
Red Hatrhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64 as a component of Red Hat Ceph Storage 7.1 Toolsrhceph/snmp-notifier-rhel9@sha256:76016eddf3b0261d6c866f971b25111f714ac06ebde1f691f6ba3eba5361f00c_amd64
Red Hatrhceph/keepalived-rhel9@sha256:a9afdb175dc6b231675fdbb7cfeaa20ddaae3fd160c188be581a53f685358f1b_s390x as a component of Red Hat Ceph Storage 7.1 Tools*
Red Hatrhceph/rhceph-promtail-rhel9@sha256:0c803156eb316a66c5cd1545a32d3204a2476fdac6c1a7dd6fae1830f50873d7_amd64 as a component of Red Hat Ceph Storage 7.1 Tools*, *
Red Hatrhceph/keepalived-rhel9@sha256:4692b7aec71555da05010155b2c046d5b585b5c4b20f41160204317514cc8ea0_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools*, *
Red Hatrhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x as a component of Red Hat Ceph Storage 7.1 Tools*, *
Red Hatrhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x as a component of Red Hat Ceph Storage 7.1 Toolsrhceph/rhceph-promtail-rhel9@sha256:01b7e7d05ed90f82d48f72d32926374ce1a90779bcb8a2178124a32ea8f1b8d6_s390x
Red Hatrhceph/rhceph-7-rhel9@sha256:342e1bae3b74bfa551aa119d4114267166a76703ae62da6e33d0ea157143c002_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools*, *
Red Hatrhceph/keepalived-rhel9@sha256:e6f5c9dde3680b1c48aa3f9650321481e6e9242ecfa7161c6a9a1eb6d223a6a6_amd64 as a component of Red Hat Ceph Storage 7.1 Tools*, *

…and 17 more

Timeline

  • Jun 23, 2025 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Jul 5, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›