Issued:: 2025-07-23
Updated:: 2025-07-23

RHSA-2025:11573 - Important: Multicluster engine for Kubernetes 2.7.5 security updates and bug fixes

Synopsis

Important: Multicluster engine for Kubernetes 2.7.5 security updates and bug fixes

Type/Severity

Security Advisory Important

Topic

Multicluster engine for Kubernetes 2.7.5 General Availability release images, which fix bugs and update container images.

Description

Multicluster engine for Kubernetes v2.7.5 images

Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds.

You can use the engine to create new Red Hat OpenShift Container Platform clusters or manage existing Kubernetes-based clusters by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

CVE:

golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)

Solution

For multicluster engine for Kubernetes, see the following documentation for details on how to install the images:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/clusters/cluster_mce_overview#mce-install-intro

https://access.redhat.com/security/updates/classification/#low

Affected Products

Product	Version	Arch
multicluster engine for Kubernetes	Text-only Advisories	x86_64
multicluster engine for Kubernetes	1	x86_64

Fixes

This content is not included.BZ - 2354195

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.