CVE-2025-5417

Published: Aug 19, 2025Modified: Aug 19, 2025

6.1

Vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploitability: 0.9 / Impact: 5.2

Source: secalert@redhat.com (Secondary)

Description

An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, can access the rhdh/rhdh-hub-rhel9 container image and modify the image's content. This issue affects the confidentiality and integrity of the data, and any changes made are not permanent, as they reset after the pod restarts.

Related CWEs

CWE-266

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (3)

https://access.redhat.com/errata/RHSA-2025:14090

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2025-5417

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2369602

Source: secalert@redhat.com

Timeline

No history available yet.