{
  "threat_severity" : "Moderate",
  "public_date" : "2025-02-24T00:00:00Z",
  "bugzilla" : {
    "description" : "RHCL: Authorino Denial of Service Through AuthPolicy With sharedSecretRef Severity",
    "id" : "2347436",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2347436"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-400",
  "details" : [ "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster", "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster" ],
  "package_state" : [ {
    "product_name" : "Red Hat Connectivity Link 1",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcl-operator-container",
    "cpe" : "cpe:/a:redhat:connectivity_link:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-25208\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-25208" ],
  "name" : "CVE-2025-25208",
  "csaw" : false
}