CVE-2025-61728
medium
Red Hat CVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 94% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: January 28, 2026 (106 days ago)
Last Modified: January 28, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Vulnerability Report
Generated by CyberWatcher
Description
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
CWE
CWE-770Affected Products
Builds for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftConfidential Compute AttestationCustom Metric Autoscaler operator for Red Hat OpenshiftDeployment Validation OperatorExternal Secrets Operator for Red Hat OpenShiftMigration Toolkit for Applications 8Multicluster Engine for KubernetesMulticluster Global HubNetwork Observability Operator