SB2025112013 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.14

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025112013

SB2025112013 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.14

Published: November 20, 2025

Security Bulletin ID SB2025112013
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper privilege management (CVE-ID: CVE-2025-11561)

The vulnerability allows a remote user to bypass authorization checks.

The vulnerability exists due to improper privilege management within the Active Directory integration feature. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.


2) Out-of-bounds read (CVE-ID: CVE-2025-5318)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the sftp_handle() function. A remote user can trigger an out-of-bounds read error and read contents of memory on the system.


Remediation

Install update from vendor's website.

References