CVE-2025-2586

Name of the Vulnerable Software and Affected Versions OpenShift Lightspeed Service (affected versions not specified)

Description A flaw in the OpenShift Lightspeed Service makes it vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints, such as /api/v1/nonexistent, inflate metrics storage and processing, consuming excessive resources. This can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.