- Issued:
- 2025-12-09
- Updated:
- 2025-12-09
RHSA-2025:22941 - Security Advisory
Synopsis
Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2
Type/Severity
Security Advisory: Important
Topic
Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2
Description
Kiali 2.17.2, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.
Security Fix(es):
- kiali-ossmc-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)
- kiali-rhel9: node-forge ASN.1 Unbounded Recursion (CVE-2025-66031)
- kiali-ossmc-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)
- kiali-rhel9: glob CLI: Command injection via -c/--cmd executes matches with shell:true (CVE-2025-64756)
Solution
See Kiali 2.17.2 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat
Fixes
(none)amd64
| registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:078340c685503fbb211a66d8016d795a647881e735f5d9f9e89a39e64f21b5cd |
| registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:35096e1737e500ad148e9f5ca2a14554a5e1b4f3104782f00e8322352e365833 |
| registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9cbb0a22e03aad2e8d773c5e919706a303e7b4cbdbfc5853d310afe2f0d73f3c |
| registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94c2091f1a4fad7ec534e36a2ae0f791e1519cc8f74b294c75fa70745503c619 |
arm64
| registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:04c798a54632613681f4ff9d07b88b79722dba1cdba1a6e8166ec94a252a81e6 |
| registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:682b27706746f68c4afd33a69b9a0c930bdcf87f34eaafe75d1c2f9fe9b49718 |
| registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7d670f57a84d17b7be55c897a286654b44f75abeafd81669f89467320018b4ef |
ppc64le
| registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:7300cdba75b669bad1039d5b816e82b48cd3d7f5763b187e5a23538c6c98ff27 |
| registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:2610bd2778ce5d510b897730832b5c50fa23cc795e2830359bf93d3bcbc1fbcf |
| registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:8075a2d2d3d00efdce0280e00fa2724d339703a236ef7c74e546c4f0ce023d9b |
s390x
| registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2de7e4731db7bb2181168aba0de859a06ab1ae13ff8c7b175cde337541925c5d |
| registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9881a311d7f2b6e50f92bfc86716c4aecd215d2a85f54baaa8930904bf93d06e |
| registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
