Red Hat Security Advisory: RHOAI 2.25.3 - Red Hat OpenShift AI
🔗 CVE IDs covered (33)
📋 Description
- CVE-2025-13465 — lodash: prototype pollution in _.unset and _.omit functions
- CVE-2025-14920 — transformers: code execution when processing a malicious Perceiver model file
- CVE-2025-14921 — transformers: code execution when processing a malicious Transformer-XL model file
- CVE-2025-14924 — transformers: code execution when processing a malicious megatron_gpt2 model file
- CVE-2025-14925 — accelerate (Hugging Face Accelerate): Remote Code Execution via Deserialization of Untrusted Data
- CVE-2025-14926 — transformers: code execution when converting a malicious SEW model checkpoint
- CVE-2025-14927 — transformers: code execution when converting a malicious SEW-D model checkpoint
- CVE-2025-14928 — transformers: code execution when converting a malicious HuBERT model checkpoint
- CVE-2025-14929 — transformers: code execution when processing a malicious X-CLIP model file
- CVE-2025-14930 — transformers: code execution when processing a malicious GLM4 model file
- CVE-2025-59057 — react-router (@remix-run/router): React Router XSS Vulnerability
- CVE-2025-59425 — vllm: Timing Attack in vLLM API Token Verification Leading to Authentication Bypass
- CVE-2025-61726 — golang net/url: Memory exhaustion in query parameter parsing
- CVE-2025-61728 — golang archive/zip: Excessive CPU consumption when building archive index
- CVE-2025-61729 — golang crypto/x509: Denial of Service due to excessive resource consumption via crafted certificate
- CVE-2025-66418 — urllib3: Unbounded decompression chain leads to resource exhaustion
- CVE-2025-66448 — vllm: Remote Code Execution via malicious model configuration
- CVE-2025-66471 — urllib3: Streaming API improperly handles highly compressed data
- CVE-2025-68121 — golang crypto/tls: Incorrect certificate validation during TLS session resumption
- CVE-2025-69223 — aiohttp: HTTP Parser auto_decompress feature is vulnerable to zip bomb
- CVE-2025-69227 — aiohttp: Denial of Service via specially crafted POST request
- CVE-2025-69228 — aiohttp: Denial of Service via memory exhaustion from crafted POST request
- CVE-2026-0897 — Keras: Denial of Service via crafted HDF5 weight loading file
- CVE-2026-1260 — sentencepiece: Invalid memory access leading to potential arbitrary code execution via a crafted model file
- CVE-2026-21441 — urllib3: decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
- CVE-2026-21884 — react-router (@remix-run/react): React Router SSR XSS in ScrollRestoration
- CVE-2026-22029 — react-router (@remix-run/router): React Router vulnerable to XSS via Open Redirects
- CVE-2026-22778 — vLLM: Remote code execution via invalid image processing in the multimodal endpoint
- CVE-2026-22807 — vLLM: Arbitrary code execution via untrusted model loading
- CVE-2026-23745 — node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
- CVE-2026-24049 — wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking
- CVE-2026-24486 — python-multipart: Arbitrary file write via path traversal vulnerability
- CVE-2026-24779 — vLLM: Server-Side Request Forgery allows internal network access
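The vulnerability class behind CVE-2025-59425 (a timing side channel in API token comparison) is easy to reproduce in miniature. The following is an added illustration written for this page; it is not vLLM's code and does not reproduce the advisory's fix. The token value, the `Authorization: Bearer` header format and all function names are assumptions for the demonstration. It places a byte-by-byte comparison that exits at the first mismatch beside `hmac.compare_digest`, and counts how much work the early-exit version does for guesses that share a longer prefix with the secret, which is exactly what an attacker observes as latency.

```python
"""Early-exit vs constant-time bearer-token verification.

Added example illustrating the vulnerability class named by CVE-2025-59425.
Not vLLM's code; token value, header format and function names are assumed.
"""
import hmac
from typing import Optional

# Constructed server-side secret for the demo. A real service loads it from
# configuration or a secret store, never from source.
API_TOKEN = "s3cr3t-demo-token-0123456789abcdef"


def compare_early_exit(a: str, b: str) -> bool:
    """Vulnerable comparison: stops at the first differing byte.

    This mirrors what a plain ``==`` on strings does in C under the hood.
    The time taken grows with the length of the matching prefix (and a
    length mismatch returns instantly), so response latency leaks how many
    leading bytes of the guess are correct. The token can then be recovered
    one byte at a time.
    """
    if len(a) != len(b):
        return False
    for x, y in zip(a.encode("utf-8"), b.encode("utf-8")):
        if x != y:
            return False
    return True


def compare_constant_time(a: str, b: str) -> bool:
    """Hardened comparison.

    hmac.compare_digest takes time that does not depend on where (or whether)
    the inputs differ, so latency no longer reveals prefix matches.
    """
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def extract_bearer(auth_header: Optional[str]) -> Optional[str]:
    """Parse an 'Authorization: Bearer <token>' value; None if absent/malformed."""
    if not auth_header:
        return None
    scheme, _, token = auth_header.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return None
    return token


def authorize(auth_header: Optional[str], expected: str = API_TOKEN) -> bool:
    """Authorization decision as a server should make it (constant time)."""
    presented = extract_bearer(auth_header)
    if presented is None:
        return False
    return compare_constant_time(presented, expected)


def prefix_leak_steps(secret: str, guess_prefix: str) -> int:
    """Number of byte comparisons compare_early_exit performs for a guess.

    The guess is padded with NUL bytes to the secret's length so the length
    check passes; the count then grows by one for every correct leading byte.
    That growth is the side channel: the attacker measures it as latency.
    """
    padded = (guess_prefix + "\x00" * len(secret))[: len(secret)]
    steps = 0
    for x, y in zip(secret.encode("utf-8"), padded.encode("utf-8")):
        steps += 1
        if x != y:
            break
    return steps


if __name__ == "__main__":
    for guess in ("x", "s3c", "s3cr3t-demo", API_TOKEN):
        print(f"{guess!r:40} comparisons={prefix_leak_steps(API_TOKEN, guess)}")
    print("valid header   ->", authorize("Bearer " + API_TOKEN))
    print("wrong token    ->", authorize("Bearer " + API_TOKEN[:-1] + "X"))
    print("missing header ->", authorize(None))
```

Two practical notes: a length check before the loop is itself a leak (the attacker learns the token length first), and the constant-time property of `hmac.compare_digest` only holds when both arguments are the same type (`bytes` with `bytes`, or ASCII `str` with ASCII `str`), which is why the hardened function encodes both sides explicitly.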
🔗 References (37)
- https://access.redhat.com/errata/RHSA-2026:3782
- https://access.redhat.com/security/cve/CVE-2025-13465
- https://access.redhat.com/security/cve/CVE-2025-14920
- https://access.redhat.com/security/cve/CVE-2025-14921
- https://access.redhat.com/security/cve/CVE-2025-14924
- https://access.redhat.com/security/cve/CVE-2025-14925
- https://access.redhat.com/security/cve/CVE-2025-14926
- https://access.redhat.com/security/cve/CVE-2025-14927
- https://access.redhat.com/security/cve/CVE-2025-14928
- https://access.redhat.com/security/cve/CVE-2025-14929
- https://access.redhat.com/security/cve/CVE-2025-14930
- https://access.redhat.com/security/cve/CVE-2025-59057
- https://access.redhat.com/security/cve/CVE-2025-59425
- https://access.redhat.com/security/cve/CVE-2025-61726
- https://access.redhat.com/security/cve/CVE-2025-61728
- https://access.redhat.com/security/cve/CVE-2025-61729
- https://access.redhat.com/security/cve/CVE-2025-66418
- https://access.redhat.com/security/cve/CVE-2025-66448
- https://access.redhat.com/security/cve/CVE-2025-66471
- https://access.redhat.com/security/cve/CVE-2025-68121
- https://access.redhat.com/security/cve/CVE-2025-69223
- https://access.redhat.com/security/cve/CVE-2025-69227
- https://access.redhat.com/security/cve/CVE-2025-69228
- https://access.redhat.com/security/cve/CVE-2026-0897
- https://access.redhat.com/security/cve/CVE-2026-1260
- https://access.redhat.com/security/cve/CVE-2026-21441
- https://access.redhat.com/security/cve/CVE-2026-21884
- https://access.redhat.com/security/cve/CVE-2026-22029
- https://access.redhat.com/security/cve/CVE-2026-22778
- https://access.redhat.com/security/cve/CVE-2026-22807
- https://access.redhat.com/security/cve/CVE-2026-23745
- https://access.redhat.com/security/cve/CVE-2026-24049
- https://access.redhat.com/security/cve/CVE-2026-24486
- https://access.redhat.com/security/cve/CVE-2026-24779
- https://access.redhat.com/security/updates/classification/
- https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3782.json