A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00034}

epss

{'score': 0.0004}


Mon, 09 Jun 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Jun 2025 06:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster
Title RHCL: Authorino Denial of Service Through AuthPolicy With sharedSecretRef Severity Rhcl: authorino denial of service through authpolicy with sharedsecretref severity
First Time appeared Redhat
Redhat connectivity Link
CPEs cpe:/a:redhat:connectivity_link:1
Vendors & Products Redhat
Redhat connectivity Link
References

Tue, 25 Feb 2025 13:45:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title RHCL: Authorino Denial of Service Through AuthPolicy With sharedSecretRef Severity
Weaknesses CWE-400
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T23:26:57.462Z

Reserved: 2025-02-03T20:02:01.750Z

Link: CVE-2025-25208

cve-icon Vulnrichment

Updated: 2025-06-09T18:08:28.403Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-06-09T06:15:24.667

Modified: 2025-06-09T12:15:47.880

Link: CVE-2025-25208

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-02-24T00:00:00Z

Links: CVE-2025-25208 - Bugzilla

cve-icon OpenCVE Enrichment

No data.