- Issued:
- 2025-05-29
- Updated:
- 2025-05-29
RHSA-2025:8298 - Red Hat OpenShift Service Mesh 3.0.2
Synopsis
Red Hat OpenShift Service Mesh 3.0.2
Type/Severity
Security Advisory Moderate
Topic
Red Hat OpenShift Service Mesh 3.0.2 This update has a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section
Description
Red Hat OpenShift Service Mesh 3.0.2, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application Security Fix(es):
- openshift-istio-cni-container: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section
Solution
See Red Hat OpenShift Service Mesh 3.0.2 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenShift Service Mesh | 3.0 | x86_64 |
Fixes
(none)
CVEs
(none)
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.