{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-25208", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-02-03T20:02:01.750Z", "datePublished": "2025-06-09T06:13:03.864Z", "dateUpdated": "2026-03-26T21:27:40.550Z"}, "containers": {"cna": {"title": "Rhcl: authorino denial of service through authpolicy with sharedsecretref severity", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster"}], "affected": [{"versions": [{"status": "affected", "version": "1.0.1", "versionType": "semver"}], "packageName": "rhcl-operator-container", "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link", "defaultStatus": "unknown"}, {"vendor": "Red Hat", "product": "Red Hat Connectivity Link 1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcl-operator-container", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:connectivity_link:1"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-25208", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347436", "name": "RHBZ#2347436", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-02-24T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption", "timeline": [{"lang": "en", "time": "2025-02-24T23:33:58.746Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-02-24T00:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-26T21:27:40.550Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-09T18:08:24.170293Z", "id": "CVE-2025-25208", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T18:08:33.921Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-25208", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-09T18:08:24.170293Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T18:08:28.403Z"}}], "cna": {"title": "Rhcl: authorino denial of service through authpolicy with sharedsecretref severity", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "1.0.1", "versionType": "semver"}], "packageName": "rhcl-operator-container", "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:connectivity_link:1"], "vendor": "Red Hat", "product": "Red Hat Connectivity Link 1", "packageName": "rhcl-operator-container", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-02-24T23:33:58.746Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-02-24T00:00:00.000Z", "value": "Made public."}], "datePublic": "2025-02-24T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-25208", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347436", "name": "RHBZ#2347436", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-26T21:27:40.550Z"}, "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"}}, "cveMetadata": {"cveId": "CVE-2025-25208", "state": "PUBLISHED", "dateUpdated": "2026-03-26T21:27:40.550Z", "dateReserved": "2025-02-03T20:02:01.750Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-06-09T06:13:03.864Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster"}, {"lang": "es", "value": "Un personaje de desarrollador puede hacer caer el servicio Authorino, impidiendo la evaluaci\u00f3n de todas las AuthPolicies en el cl\u00faster."}], "id": "CVE-2025-25208", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-06-09T06:15:24.667", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-25208"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347436"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "RHCL: Authorino Denial of Service Through AuthPolicy With sharedSecretRef Severity", "id": "2347436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347436"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster", "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster"], "name": "CVE-2025-25208", "package_state": [{"cpe": "cpe:/a:redhat:connectivity_link:1", "fix_state": "Fix deferred", "package_name": "rhcl-operator-container", "product_name": "Red Hat Connectivity Link 1"}], "public_date": "2025-02-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-25208\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-25208"], "threat_severity": "Moderate"}

{}