- Issued: 2025-12-09
- Updated: 2025-12-09
RHSA-2025:22936 - Security Advisory
Synopsis
Kiali 1.73.25 for Red Hat OpenShift Service Mesh 2.6
Type/Severity
Security Advisory: Important
Topic
Kiali 1.73.25 for Red Hat OpenShift Service Mesh 2.6
Description
Kiali 1.73.25, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage the mesh efficiently.
Security Fix(es):
- kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)
- kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)
- kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)
- kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)
Solution
See Kiali 1.73.25 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x
Fixes
(none)
amd64
| registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:add09864ea186e10cbf36efa26c5e2be626c6e2a47726379d209e5a6cc5698fe |
| registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ecd14b0b642cfcac1030a22e2f57a05ae0fd2d63a1f41c975487f30e34fef5d8 |
arm64
| registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5fa584e152eb852c9f9dd2ec07c4857924a87470bb92934cbd48efdb0ca238ba |
| registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:7ac05f2197eeba5533ad6ad6360e817d57de2f6893c260c20a7484945fceda92 |
ppc64le
| registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:accf357afa34ff4573ec5a538edfdd37b35f3aeabf786bd6a469f1f457498654 |
| registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ab2b4a1a2d1e5230e3c092af3827a21c0838702ae227afd786925d1704002afd |
s390x
| registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:29e6ecab0c0f10c17b752d30978dbda4892b3cf471344faa182ac0b86ee76928 |
| registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c34b5d86b07705fd0d610ba37bb54a5612b6aba81f04e661b207a2eb0209bea2 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.