PT-2025-11948 · Red Hat · Openshift Dedicated

Thibault Guittet

Published

2025-03-19

Updated

2025-03-28

CVE-2024-25132

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions OpenShift Dedicated (affected versions not specified)

Description A flaw was found in the Hive hibernation controller component. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true and a positive timespan for the spec.hibernateAfter value. If a ClusterSync.hiveinternal.openshift.io/v1alpha1 resource is also created, the hive hibernation controller will enter the reconciliation loop, leading to a denial of service when accessing a non-existing field in the ClusterDeployment’s status section.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2024-25132

GHSA-C392-WRGW-JJFW

GO-2025-3536

OPENSUSE-SU-2025:14937-1

Affected Products

Openshift Dedicated

PT-2025-11948 · Red Hat · Openshift Dedicated

CVE-2024-25132

Weakness Enumeration

Related Identifiers

Affected Products

References · 42