What is RHSA-2025:22905?

RHSA-2025:22905 is a security advisory published by Red Hat Product Security with High severity. Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.19.4

Which CVE IDs does RHSA-2025:22905 cover?

RHSA-2025:22905 covers the following CVE IDs: CVE-2025-6547, CVE-2025-9287, CVE-2025-9288, CVE-2025-64756, CVE-2025-6545. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of RHSA-2025:22905?

RHSA-2025:22905 has a CVSS v3 base score of 8.1, published by Red Hat Product Security.

RHSA-2025:22905HighCVSS 8.1

Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.19.4

Vendor

Red Hat Product Security

Published

December 9, 2025

Last Modified

May 28, 2026

🔗 CVE IDs covered (5)

CVE-2025-6547 →CVE-2025-9287 →CVE-2025-9288 →CVE-2025-64756 →CVE-2025-6545 →

📋 Description

CVE-2025-6545 — pbkdf2: pbkdf2 silently returns predictable key material CVE-2025-6547 — pbkdf2: pbkdf2 silently returns static keys CVE-2025-9287 — cipher-base: Cipher-base hash manipulation CVE-2025-9288 — sha.js: Missing type checks leading to hash rewind and passing on crafted data CVE-2025-64756 — glob: glob: Command Injection Vulnerability via Malicious Filenames

🔗 References (9)

selfhttps://access.redhat.com/errata/RHSA-2025:22905
externalhttps://access.redhat.com/security/cve/CVE-2025-64756
externalhttps://access.redhat.com/security/cve/CVE-2025-6545
externalhttps://access.redhat.com/security/cve/CVE-2025-6547
externalhttps://access.redhat.com/security/cve/CVE-2025-9287
externalhttps://access.redhat.com/security/cve/CVE-2025-9288
externalhttps://access.redhat.com/security/updates/classification/
externalhttps://docs.redhat.com/en/documentation/red_hat_openshift_pipelines
selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22905.json