CVE Vulnerabilities

CVE-2025-22870

Misinterpretation of Input

Published: Mar 12, 2025 | Modified: May 09, 2025
CVSS 3.x: N/A
Source: NVD
CVSS 2.x
RedHat/V2
RedHat/V3: 4.4 MODERATE (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L)
Ubuntu: MEDIUM

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied.
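
The mismatch described above, reduced to a self-contained Go sketch. This is an added example, not code from the affected library; the function names and the matching logic are illustrative assumptions. The naive matcher compares the bracketed host as a plain string, while the strict one recognises an IP literal before any domain pattern is applied.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"strings"
)

// hostOnly removes the port and IPv6 brackets from "host:port" and lowercases it.
func hostOnly(hostport string) string {
	host, _, err := net.SplitHostPort(hostport)
	if err != nil {
		host = strings.Trim(hostport, "[]") // no port present
	}
	return strings.ToLower(host)
}

// suffixOf turns a NO_PROXY entry such as "*.example.com" into ".example.com".
func suffixOf(pattern string) string {
	return strings.ToLower(strings.TrimPrefix(pattern, "*"))
}

// naiveBypass shows the flawed behaviour: pure string suffix matching, so the
// zone ID of an IPv6 literal is compared as if it were part of a hostname.
func naiveBypass(pattern, hostport string) bool {
	return strings.HasSuffix(hostOnly(hostport), suffixOf(pattern))
}

// strictBypass classifies the host first. An IP literal, with or without a
// zone ID, can never satisfy a domain pattern.
func strictBypass(pattern, hostport string) bool {
	host := hostOnly(hostport)
	addr, _, _ := strings.Cut(host, "%") // drop any zone ID before parsing
	if _, err := netip.ParseAddr(addr); err == nil {
		return false
	}
	return strings.HasSuffix(host, suffixOf(pattern))
}

func main() {
	// Constructed inputs; the second is the request quoted in the description.
	for _, hp := range []string{"api.example.com:80", "[::1%25.example.com]:80"} {
		fmt.Printf("%-26s naive=%v strict=%v\n", hp,
			naiveBypass("*.example.com", hp), strictBypass("*.example.com", hp))
	}
}
```

A check of this shape is useful in egress policy tests: feed the proxy-bypass decision a list of IP literals with zone IDs and assert that none of them is exempted by a domain-only NO_PROXY entry.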

Weakness

The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

Affected Software

Name Vendor Start Version End Version
RHODF-4.18-RHEL-9 RedHat odf4/cephcsi-operator-bundle:v4.18.3-4 *
RHODF-4.18-RHEL-9 RedHat odf4/cephcsi-rhel9:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/cephcsi-rhel9-operator:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/mcg-core-rhel9:v4.18.3-3 *
RHODF-4.18-RHEL-9 RedHat odf4/mcg-operator-bundle:v4.18.3-4 *
RHODF-4.18-RHEL-9 RedHat odf4/mcg-rhel9-operator:v4.18.3-3 *
RHODF-4.18-RHEL-9 RedHat odf4/ocs-client-console-rhel9:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/ocs-client-operator-bundle:v4.18.3-4 *
RHODF-4.18-RHEL-9 RedHat odf4/ocs-client-rhel9-operator:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/ocs-metrics-exporter-rhel9:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/ocs-operator-bundle:v4.18.3-4 *
RHODF-4.18-RHEL-9 RedHat odf4/ocs-rhel9-operator:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-cli-rhel9:v4.18.3-3 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-console-rhel9:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-cosi-sidecar-rhel9:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-csi-addons-operator-bundle:v4.18.3-4 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-csi-addons-rhel9-operator:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-csi-addons-sidecar-rhel9:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-dependencies-operator-bundle:v4.18.3-4 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-multicluster-console-rhel9:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-multicluster-operator-bundle:v4.18.3-4 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-multicluster-rhel9-operator:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-must-gather-rhel9:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-operator-bundle:v4.18.3-4 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-prometheus-operator-bundle:v4.18.3-4 *
RHODF-4.18-RHEL-9 RedHat odf4/odf-rhel9-operator:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/odr-cluster-operator-bundle:v4.18.3-4 *
RHODF-4.18-RHEL-9 RedHat odf4/odr-hub-operator-bundle:v4.18.3-4 *
RHODF-4.18-RHEL-9 RedHat odf4/odr-recipe-operator-bundle:v4.18.3-4 *
RHODF-4.18-RHEL-9 RedHat odf4/odr-rhel9-operator:v4.18.3-2 *
RHODF-4.18-RHEL-9 RedHat odf4/rook-ceph-operator-bundle:v4.18.3-4 *
RHODF-4.18-RHEL-9 RedHat odf4/rook-ceph-rhel9-operator:v4.18.3-2 *
Golang-1.13 Ubuntu focal *
Golang-1.14 Ubuntu focal *
Golang-1.16 Ubuntu focal *
Golang-1.18 Ubuntu focal *
Golang-1.20 Ubuntu focal *
Golang-1.21 Ubuntu focal *
Golang-1.22 Ubuntu focal *
Golang-1.22 Ubuntu jammy *
Golang-1.22 Ubuntu noble *
Golang-1.22 Ubuntu oracular *

References