Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2025-12548

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.

This page will reflect the classification results once they are available through NVD.

Any vendor information available is shown as below.

Redhat

github.com/che-incubator/che-code: Eclipse Che — unauthenticated RCE and secret exfiltration via TCP/3333

Mitigation

Apply the security best practices from the Red Hat OpenShift Dev Spaces Administration Guide: https://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.24/html/administration_guide/security-best-practices

Affected Software List

Name Vendor Version
Red Hat OpenShift Dev Spaces (RHOSDS) 3.22 RedHat devspaces/code-rhel9:sha256:e617fc6d1cf09cc3a27898b278ddb0c00f3e9d619f93c927e71c9b4a3a3cdf36
Red Hat OpenShift Dev Spaces (RHOSDS) 3.23 RedHat devspaces/code-rhel9:sha256:4b9159902333a82353bf91823c092e9e2508b17b92e8c6fe0295b5a6609f25f3
Red Hat OpenShift Dev Spaces (RHOSDS) 3.24 RedHat devspaces/code-rhel9:sha256:55205f8b22e78021ebb4beff25c4d250a359629cf96bea4afb5b633f124d6d50
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use