What is RHSA-2025:1609?

RHSA-2025:1609 is a security advisory published by Red Hat Product Security with High severity. Red Hat Security Advisory: Cluster Observability Operator 1.0.0

Which CVE IDs does RHSA-2025:1609 cover?

RHSA-2025:1609 covers the following CVE IDs: CVE-2024-45338, CVE-2023-26159, CVE-2024-28849. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of RHSA-2025:1609?

RHSA-2025:1609 has a CVSS v3 base score of 7.5, published by Red Hat Product Security.

RHSA-2025:1609HighCVSS 7.5

Red Hat Security Advisory: Cluster Observability Operator 1.0.0

Vendor

Red Hat Product Security

Published

February 17, 2025

Last Modified

June 2, 2026

🔗 CVE IDs covered (3)

CVE-2024-45338 →CVE-2023-26159 →CVE-2024-28849 →

📋 Description

CVE-2023-26159 — follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() CVE-2024-28849 — follow-redirects: Possible credential leak CVE-2024-45338 — golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

🔗 References (7)

selfhttps://access.redhat.com/errata/RHSA-2025:1609
externalhttps://access.redhat.com/security/updates/classification
externalhttps://docs.openshift.com/container-platform/4.17/observability/cluster_observability_operator/cluster-observability-operator-release-notes.html
externalhttps://access.redhat.com/security/cve/CVE-2024-45338
externalhttps://access.redhat.com/security/cve/CVE-2024-28849
externalhttps://access.redhat.com/security/cve/CVE-2023-26159
selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1609.json