{"api_version":"1","generated_at":"2026-07-14T18:02:58+00:00","cve":"CVE-2025-5914","urls":{"html":"https://cve.report/CVE-2025-5914","api":"https://cve.report/api/cve/CVE-2025-5914.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-5914","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-5914"},"summary":{"title":"Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c","description":"A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.","state":"PUBLISHED","assigner":"redhat","published_at":"2025-06-09 20:15:26","updated_at":"2026-07-14 13:17:56"},"problem_types":["CWE-190","CWE-190 Integer Overflow or Wraparound"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:21913","name":"https://access.redhat.com/errata/RHSA-2025:21913","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:18217","name":"https://access.redhat.com/errata/RHSA-2025:18217","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:0934","name":"https://access.redhat.com/errata/RHSA-2026:0934","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0","name":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0","refsource":"secalert@redhat.com","tags":["Release Notes"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:21885","name":"https://access.redhat.com/errata/RHSA-2025:21885","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14644","name":"https://access.redhat.com/errata/RHSA-2025:14644","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370861","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2370861","refsource":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14142","name":"https://access.redhat.com/errata/RHSA-2025:14142","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14141","name":"https://access.redhat.com/errata/RHSA-2025:14141","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:15709","name":"https://access.redhat.com/errata/RHSA-2025:15709","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14130","name":"https://access.redhat.com/errata/RHSA-2025:14130","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:18219","name":"https://access.redhat.com/errata/RHSA-2025:18219","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:19041","name":"https://access.redhat.com/errata/RHSA-2025:19041","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/libarchive/libarchive/pull/2598","name":"https://github.com/libarchive/libarchive/pull/2598","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:18218","name":"https://access.redhat.com/errata/RHSA-2025:18218","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-5914","name":"https://access.redhat.com/security/cve/CVE-2025-5914","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:16524","name":"https://access.redhat.com/errata/RHSA-2025:16524","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14137","name":"https://access.redhat.com/errata/RHSA-2025:14137","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:19046","name":"https://access.redhat.com/errata/RHSA-2025:19046","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14808","name":"https://access.redhat.com/errata/RHSA-2025:14808","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:15828","name":"https://access.redhat.com/errata/RHSA-2025:15828","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:15397","name":"https://access.redhat.com/errata/RHSA-2025:15397","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14810","name":"https://access.redhat.com/errata/RHSA-2025:14810","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-585531.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-585531.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14525","name":"https://access.redhat.com/errata/RHSA-2025:14525","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14594","name":"https://access.redhat.com/errata/RHSA-2025:14594","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:15024","name":"https://access.redhat.com/errata/RHSA-2025:15024","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14135","name":"https://access.redhat.com/errata/RHSA-2025:14135","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:15827","name":"https://access.redhat.com/errata/RHSA-2025:15827","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:0326","name":"https://access.redhat.com/errata/RHSA-2026:0326","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14528","name":"https://access.redhat.com/errata/RHSA-2025:14528","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:14828","name":"https://access.redhat.com/errata/RHSA-2025:14828","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:1541","name":"https://access.redhat.com/errata/RHSA-2026:1541","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-5914","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5914","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"unaffected 0:3.7.7-4.el10_0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","version":"unaffected 0:3.1.2-14.el7_9.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"unaffected 0:3.3.3-6.el8_10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","version":"unaffected 0:3.3.2-8.el8_2.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","version":"unaffected 0:3.3.3-1.el8_4.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","version":"unaffected 0:3.3.3-1.el8_4.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","version":"unaffected 0:3.3.3-6.el8_6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","version":"unaffected 0:3.3.3-6.el8_6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","version":"unaffected 0:3.3.3-6.el8_6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","version":"unaffected 0:3.3.3-5.el8_8.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","version":"unaffected 0:3.3.3-5.el8_8.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:3.5.3-6.el9_6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:3.5.3-6.el9_6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","version":"unaffected 0:3.5.3-2.el9_0.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","version":"unaffected 0:3.5.3-5.el9_2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","version":"unaffected 0:3.5.3-4.el9_4.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.14","version":"unaffected 414.92.202510211419-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.15","version":"unaffected 415.92.202601271320-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","version":"unaffected 416.94.202601071926-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.17","version":"unaffected 417.94.202510112152-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.18","version":"unaffected 418.94.202510230424-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","version":"unaffected 4.19.9.6.202510140714-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","version":"unaffected 4.20.9.6.202509251656-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Web Terminal 1.11 on RHEL 9","version":"unaffected 1.11-19 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Web Terminal 1.11 on RHEL 9","version":"unaffected 1.11-8 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Web Terminal 1.12 on RHEL 9","version":"unaffected 1.12-4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","version":"unaffected 1.36.0-11 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","version":"unaffected 1.36.0-11 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","version":"unaffected 1.36.0-11 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","version":"unaffected 1.36.0-10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","version":"unaffected 1.36.0-10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","version":"unaffected 1.36.0-4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","version":"unaffected 1.36.0-9 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","version":"unaffected 1.36.0-12 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","version":"unaffected 1.36.0-18 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","version":"unaffected 1.36.0-11 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"RHOSS-1.36-RHEL-8","version":"unaffected 1.36.0-7 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"cert-manager operator for Red Hat OpenShift 1.16","version":"unaffected v1.16.5-1760515757 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"OpenShift Compliance Operator 1","version":"unaffected 1.8.0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"OpenShift Compliance Operator 1","version":"unaffected 1.8.0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"OpenShift Compliance Operator 1","version":"unaffected 1.8.0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"OpenShift File Integrity Operator - FIO 1","version":"unaffected v1.3 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Discovery 2","version":"unaffected 2.2.1-1758555934 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Insights proxy 1.5","version":"unaffected 1.5.6-1756187445 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","version":"unaffected rhosdt-3.5-1756116455 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","version":"unaffected rhosdt-3.5-1756116482 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","version":"unaffected rhosdt-3.5-1756116441 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","version":"unaffected rhosdt-3.5-1756116449 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","version":"unaffected rhosdt-3.5-1756116439 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","version":"unaffected rhosdt-3.5-1756116447 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","version":"unaffected rhosdt-3.5-1756128595 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","version":"unaffected rhosdt-3.5-1756125872 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.5.1","version":"unaffected rhosdt-3.5-1756116445 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","version":"unaffected 1.10.2-1757422110 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","version":"unaffected 1.10.2-1757421846 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","version":"unaffected 1.10.2-1757421804 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","version":"unaffected 1.10.2-1757422070 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","version":"unaffected 1.10.2-1757421879 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","version":"unaffected 1.10.2-1757422401 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift sandboxed containers 1.1","version":"unaffected 1.10.2-1757421890 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIDIS Secured SmartPlug","version":"affected V7.26.0310 custom","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-06-06T17:58:25.491Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-05-20T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"5914","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libarchive","cpe5":"libarchive","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"5914","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"5914","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"5914","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"5914","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"5914","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"5914","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"5914","cve":"CVE-2025-5914","epss":"0.003260000","percentile":"0.244690000","score_date":"2026-07-04","updated_at":"2026-07-05 00:02:28"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-5914","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-06-10T15:14:35.773233Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-06-10T15:30:42.589Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["exploit"],"url":"https://github.com/libarchive/libarchive/pull/2598"}],"title":"CISA ADP Vulnrichment"},{"affected":[{"defaultStatus":"unknown","product":"SIDIS Secured SmartPlug","vendor":"Siemens","versions":[{"lessThan":"V7.26.0310","status":"affected","version":"0","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-07-14T12:39:07.960Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-585531.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"collectionURL":"https://github.com/libarchive/libarchive/","defaultStatus":"unaffected","packageName":"libarchive","versions":[{"lessThan":"3.8.0","status":"affected","version":"0","versionType":"semver"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10.0"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.7.7-4.el10_0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_els:7"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.1.2-14.el7_9.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:8::crb","cpe:/o:redhat:enterprise_linux:8::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.3.3-6.el8_10","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_aus:8.2::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.3.2-8.el8_2.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.3.3-1.el8_4.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.3.3-1.el8_4.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.3.3-6.el8_6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.3.3-6.el8_6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.3.3-6.el8_6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.3.3-5.el8_8.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.3.3-5.el8_8.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.5.3-6.el9_6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.5.3-6.el9_6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream","cpe:/o:redhat:rhel_e4s:9.0::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.5.3-2.el9_0.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream","cpe:/o:redhat:rhel_e4s:9.2::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.5.3-5.el9_2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream","cpe:/a:redhat:rhel_eus:9.4::crb","cpe:/o:redhat:rhel_eus:9.4::baseos"],"defaultStatus":"affected","packageName":"libarchive","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.5.3-4.el9_4.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.14::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.14","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"414.92.202510211419-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.15::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.15","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"415.92.202601271320-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.16::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.16","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"416.94.202601071926-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.17::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.17","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"417.94.202510112152-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.18::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.18","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"418.94.202510230424-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.19::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.19","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"4.19.9.6.202510140714-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.20","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"4.20.9.6.202509251656-0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:webterminal:1.11::el9"],"defaultStatus":"affected","packageName":"web-terminal/web-terminal-rhel9-operator","product":"Red Hat Web Terminal 1.11 on RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.11-19","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:webterminal:1.11::el9"],"defaultStatus":"affected","packageName":"web-terminal/web-terminal-tooling-rhel9","product":"Red Hat Web Terminal 1.11 on RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.11-8","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:webterminal:1.12::el9"],"defaultStatus":"affected","packageName":"web-terminal/web-terminal-tooling-rhel9","product":"Red Hat Web Terminal 1.12 on RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.12-4","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"],"defaultStatus":"affected","packageName":"openshift-serverless-1/logic-data-index-ephemeral-rhel8","product":"RHOSS-1.36-RHEL-8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.36.0-11","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"],"defaultStatus":"affected","packageName":"openshift-serverless-1/logic-data-index-postgresql-rhel8","product":"RHOSS-1.36-RHEL-8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.36.0-11","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"],"defaultStatus":"affected","packageName":"openshift-serverless-1/logic-db-migrator-tool-rhel8","product":"RHOSS-1.36-RHEL-8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.36.0-11","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"],"defaultStatus":"affected","packageName":"openshift-serverless-1/logic-jobs-service-ephemeral-rhel8","product":"RHOSS-1.36-RHEL-8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.36.0-10","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"],"defaultStatus":"affected","packageName":"openshift-serverless-1/logic-jobs-service-postgresql-rhel8","product":"RHOSS-1.36-RHEL-8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.36.0-10","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"],"defaultStatus":"affected","packageName":"openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8","product":"RHOSS-1.36-RHEL-8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.36.0-4","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"],"defaultStatus":"affected","packageName":"openshift-serverless-1/logic-management-console-rhel8","product":"RHOSS-1.36-RHEL-8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.36.0-9","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"],"defaultStatus":"affected","packageName":"openshift-serverless-1/logic-operator-bundle","product":"RHOSS-1.36-RHEL-8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.36.0-12","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"],"defaultStatus":"affected","packageName":"openshift-serverless-1/logic-rhel8-operator","product":"RHOSS-1.36-RHEL-8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.36.0-18","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"],"defaultStatus":"affected","packageName":"openshift-serverless-1/logic-swf-builder-rhel8","product":"RHOSS-1.36-RHEL-8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.36.0-11","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_serverless:1.36::el8"],"defaultStatus":"affected","packageName":"openshift-serverless-1/logic-swf-devmode-rhel8","product":"RHOSS-1.36-RHEL-8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.36.0-7","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:cert_manager:1.16::el9"],"defaultStatus":"affected","packageName":"cert-manager/jetstack-cert-manager-rhel9","product":"cert-manager operator for Red Hat OpenShift 1.16","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v1.16.5-1760515757","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_compliance_operator:1::el9"],"defaultStatus":"affected","packageName":"compliance/openshift-compliance-must-gather-rhel8","product":"OpenShift Compliance Operator 1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.8.0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_compliance_operator:1::el9"],"defaultStatus":"affected","packageName":"compliance/openshift-compliance-openscap-rhel8","product":"OpenShift Compliance Operator 1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.8.0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_compliance_operator:1::el9"],"defaultStatus":"affected","packageName":"compliance/openshift-compliance-rhel8-operator","product":"OpenShift Compliance Operator 1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.8.0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_file_integrity_operator:1::el9"],"defaultStatus":"affected","packageName":"compliance/openshift-file-integrity-rhel8-operator","product":"OpenShift File Integrity Operator - FIO 1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"v1.3","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:discovery:2::el9"],"defaultStatus":"affected","packageName":"discovery/discovery-server-rhel9","product":"Red Hat Discovery 2","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"2.2.1-1758555934","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"],"defaultStatus":"affected","packageName":"insights-proxy/insights-proxy-container-rhel9","product":"Red Hat Insights proxy 1.5","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.5.6-1756187445","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-agent-rhel8","product":"Red Hat OpenShift distributed tracing 3.5.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.5-1756116455","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-all-in-one-rhel8","product":"Red Hat OpenShift distributed tracing 3.5.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.5-1756116482","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-collector-rhel8","product":"Red Hat OpenShift distributed tracing 3.5.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.5-1756116441","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-es-index-cleaner-rhel8","product":"Red Hat OpenShift distributed tracing 3.5.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.5-1756116449","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-es-rollover-rhel8","product":"Red Hat OpenShift distributed tracing 3.5.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.5-1756116439","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-ingester-rhel8","product":"Red Hat OpenShift distributed tracing 3.5.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.5-1756116447","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-operator-bundle","product":"Red Hat OpenShift distributed tracing 3.5.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.5-1756128595","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-query-rhel8","product":"Red Hat OpenShift distributed tracing 3.5.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.5-1756125872","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.5::el8"],"defaultStatus":"affected","packageName":"rhosdt/jaeger-rhel8-operator","product":"Red Hat OpenShift distributed tracing 3.5.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.5-1756116445","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"],"defaultStatus":"affected","packageName":"openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9","product":"Red Hat OpenShift sandboxed containers 1.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.10.2-1757422110","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"],"defaultStatus":"affected","packageName":"openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9","product":"Red Hat OpenShift sandboxed containers 1.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.10.2-1757421846","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"],"defaultStatus":"affected","packageName":"openshift-sandboxed-containers/osc-monitor-rhel9","product":"Red Hat OpenShift sandboxed containers 1.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.10.2-1757421804","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"],"defaultStatus":"affected","packageName":"openshift-sandboxed-containers/osc-must-gather-rhel9","product":"Red Hat OpenShift sandboxed containers 1.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.10.2-1757422070","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"],"defaultStatus":"affected","packageName":"openshift-sandboxed-containers/osc-podvm-builder-rhel9","product":"Red Hat OpenShift sandboxed containers 1.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.10.2-1757421879","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"],"defaultStatus":"affected","packageName":"openshift-sandboxed-containers/osc-podvm-payload-rhel9","product":"Red Hat OpenShift sandboxed containers 1.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.10.2-1757422401","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:confidential_compute_attestation:1.10::el9"],"defaultStatus":"affected","packageName":"openshift-sandboxed-containers/osc-rhel9-operator","product":"Red Hat OpenShift sandboxed containers 1.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1.10.2-1757421890","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unknown","packageName":"libarchive","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"}],"datePublic":"2025-05-20T00:00:00.000Z","descriptions":[{"lang":"en","value":"A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"Integer Overflow or Wraparound","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T10:40:27.148Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2025:14130","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14130"},{"name":"RHSA-2025:14135","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14135"},{"name":"RHSA-2025:14137","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14137"},{"name":"RHSA-2025:14141","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14141"},{"name":"RHSA-2025:14142","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14142"},{"name":"RHSA-2025:14525","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14525"},{"name":"RHSA-2025:14528","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14528"},{"name":"RHSA-2025:14594","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14594"},{"name":"RHSA-2025:14644","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14644"},{"name":"RHSA-2025:14808","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14808"},{"name":"RHSA-2025:14810","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14810"},{"name":"RHSA-2025:14828","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:14828"},{"name":"RHSA-2025:15024","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:15024"},{"name":"RHSA-2025:15397","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:15397"},{"name":"RHSA-2025:15709","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:15709"},{"name":"RHSA-2025:15827","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:15827"},{"name":"RHSA-2025:15828","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:15828"},{"name":"RHSA-2025:16524","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:16524"},{"name":"RHSA-2025:18217","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:18217"},{"name":"RHSA-2025:18218","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:18218"},{"name":"RHSA-2025:18219","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:18219"},{"name":"RHSA-2025:19041","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19041"},{"name":"RHSA-2025:19046","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19046"},{"name":"RHSA-2025:21885","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:21885"},{"name":"RHSA-2025:21913","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:21913"},{"name":"RHSA-2026:0326","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:0326"},{"name":"RHSA-2026:0934","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"name":"RHSA-2026:1541","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:1541"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-5914"},{"name":"RHBZ#2370861","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370861"},{"url":"https://github.com/libarchive/libarchive/pull/2598"},{"url":"https://github.com/libarchive/libarchive/releases/tag/v3.8.0"}],"timeline":[{"lang":"en","time":"2025-06-06T17:58:25.491Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-05-20T00:00:00.000Z","value":"Made public."}],"title":"Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c","x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-190: Integer Overflow or Wraparound"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-5914","datePublished":"2025-06-09T19:53:48.923Z","dateReserved":"2025-06-09T08:10:18.779Z","dateUpdated":"2026-07-14T12:39:07.960Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-06-09 20:15:26","lastModifiedDate":"2026-07-14 13:17:56","problem_types":["CWE-190","CWE-190 Integer Overflow or Wraparound"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-10T15:14:35.773233Z","id":"CVE-2025-5914","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*","versionEndExcluding":"3.8.0","matchCriteriaId":"FCC41392-D22A-4BE5-B7E7-DE5D6BA40052"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"5914","Ordinal":"1","Title":"Libarchive: double free at archive_read_format_rar_seek_data() i","CVE":"CVE-2025-5914","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"5914","Ordinal":"1","NoteData":"A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.","Type":"Description","Title":"Libarchive: double free at archive_read_format_rar_seek_data() i"}]}}}