Red Hat Enterprise Linux 8 update for the container-tools:rhel8 module

Published: 2025-03-26

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2025-22869
CWE-ID	CWE-400
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions Operating systems & Components / Operating system package or component Red Hat Enterprise Linux Server - TUS Operating systems & Components / Operating system Red Hat Enterprise Linux Server - AUS Operating systems & Components / Operating system
Vendor	Red Hat Inc.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Resource exhaustion

EUVDB-ID: #VU105459

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22869

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the ssh package when handling clients that complete the key exchange slowly, or not at all. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.4

Red Hat Enterprise Linux Server - TUS: 8.4

Red Hat Enterprise Linux Server - AUS: 8.4

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2025:3266

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.