PT-2025-24399 · Red Hat · Red Hat Connectivity Link
Published 2025-06-09 · Updated 2026-02-11 · CVE-2025-25207
CVSS v3.1: 5.7 Medium
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Red Hat Connectivity Link (affected versions not specified)
Description
The issue affects the Authorino service in Red Hat Connectivity Link, which is responsible for zero trust API security. Authorino allows users with a developer persona to add callbacks that are executed at HTTP endpoints after the authorization process is completed. An attacker with developer persona access can exploit this by adding a large number of callbacks, causing a Denial of Service in Authorino as it processes the post-authorization callbacks.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Resource Exhaustion
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Red Hat Connectivity Link