{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-25208", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-02-03T20:02:01.750Z", "datePublished": "2025-06-09T06:13:03.864Z", "dateUpdated": "2025-06-09T18:08:33.921Z"}, "containers": {"cna": {"title": "Rhcl: authorino denial of service through authpolicy with sharedsecretref severity", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster"}], "affected": [{"versions": [{"status": "affected", "version": "1.0.1", "versionType": "semver"}], "packageName": "rhcl-operator-container", "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link", "defaultStatus": "unknown"}, {"vendor": "Red Hat", "product": "Red Hat Connectivity Link 1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcl-operator-container", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:connectivity_link:1"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-25208", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347436", "name": "RHBZ#2347436", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-02-24T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption", "timeline": [{"lang": "en", "time": "2025-02-24T23:33:58.746000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-02-24T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-09T06:13:03.864Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-09T18:08:24.170293Z", "id": "CVE-2025-25208", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T18:08:33.921Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-25208", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-09T18:08:24.170293Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T18:08:28.403Z"}}], "cna": {"title": "Rhcl: authorino denial of service through authpolicy with sharedsecretref severity", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "1.0.1", "versionType": "semver"}], "packageName": "rhcl-operator-container", "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:connectivity_link:1"], "vendor": "Red Hat", "product": "Red Hat Connectivity Link 1", "packageName": "rhcl-operator-container", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-02-24T23:33:58.746000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-02-24T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-02-24T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-25208", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347436", "name": "RHBZ#2347436", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-09T06:13:03.864Z"}, "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"}}, "cveMetadata": {"cveId": "CVE-2025-25208", "state": "PUBLISHED", "dateUpdated": "2025-06-09T18:08:33.921Z", "dateReserved": "2025-02-03T20:02:01.750Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-06-09T06:13:03.864Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster"}], "id": "CVE-2025-25208", "lastModified": "2025-06-09T12:15:47.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2025-06-09T06:15:24.667", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-25208"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347436"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"bugzilla": {"description": "RHCL: Authorino Denial of Service Through AuthPolicy With sharedSecretRef Severity", "id": "2347436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347436"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster", "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster"], "name": "CVE-2025-25208", "package_state": [{"cpe": "cpe:/a:redhat:connectivity_link:1", "fix_state": "Fix deferred", "package_name": "rhcl-operator-container", "product_name": "Red Hat Connectivity Link 1"}], "public_date": "2025-02-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-25208\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-25208"], "threat_severity": "Moderate"}