CVE-2025-61728

medium Red Hat
CVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: January 28, 2026
Last Modified: January 28, 2026
Vendor: Red Hat

Description

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

CWE

CWE-770

Affected Products

Builds for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftConfidential Compute AttestationCustom Metric Autoscaler operator for Red Hat OpenshiftDeployment Validation OperatorExternal Secrets Operator for Red Hat OpenShiftMigration Toolkit for Applications 8Multicluster Engine for KubernetesMulticluster Global HubNetwork Observability Operator

Fix Status

✅ Fix Available

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 go.dev 🔗 go.dev