CVE-2025-5417 MEDIUM

CVE-2025-5417: Rhdh: red hat developer hub user permissions

Vendor Red Hat
Product Red Hat Developer Hub
Weakness CWE-266
Published August 19, 2025
Last update December 19, 2025

CVSS base score

6.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, can access the rhdh/rhdh-hub-rhel9 container image and modify the image's content. This issue affects the confidentiality and integrity of the data, and any changes made are not permanent, as they reset after the pod restarts.

Key dates

02Disclosure timeline

August 19, 2025 CVE published
December 19, 2025 Record updated