SB2025120925 - Multiple vulnerabilities in Red Hat OpenShift AI (RHOAI)

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Path traversal (CVE-ID: CVE-2025-12060)

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error in keras.utils.get_file API when used with the extract=True option for tar archives. A remote user can supply a malicious .tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder.

2) Race condition (CVE-ID: CVE-2025-47907)

The vulnerability allows an attacker to tamper with the application. 

The vulnerability exists due to a race condition when canceling a DB query. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system. A remote user can overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.

3) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2025-53643)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to not parsing trailer sections of an HTTP request. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

4) Resource exhaustion (CVE-ID: CVE-2025-58183)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in archive/tar due to the tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A remote attacker can pass a specially crafted archive to the application and perform a denial of service (DoS) attack.

5) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-58754)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits within data: URL decode. A remote attacker can cause a denial of service condition on the target system.

6) Path traversal (CVE-ID: CVE-2025-62156)

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the unpack() function. A remote user can upload a specially crafted .zip archive to the application and overwrite arbitrary files on the system outside of the allowed directory. 

7) Infinite loop (CVE-ID: CVE-2025-62727)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop. A remote attacker can send a specially crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic and cause denial of service conditions.

8) Improper Control of Dynamically-Managed Code Resources (CVE-ID: CVE-2025-9905)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the Model.load_model() method. A remote attacker can trick the victim into loading a crafted .h5/.hdf5 model archive and execute arbitrary code on the system.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2025:22759