CVE-2025-2586

EPSS 0.33%
Veröffentlicht 31.03.2025 12:15:15
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Ols: unauthenticated metrics flooding in openshift lightspeed service leading to resource exhaustion

A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/openshift/lightspeed-service

≫

Paket lightspeed-service

Default Statusunaffected

Version 0

Version < 88f9dc91856593d878b60ad9a67ffee8d4621ba5

Status affected

HerstellerRed Hat

≫

Produkt OpenShift Lightspeed

Default Statusunaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.556

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://access.redhat.com/security/cve/CVE-2025-2586

https://bugzilla.redhat.com/show_bug.cgi?id=2353998

https://nvd.nist.gov/vuln/detail/CVE-2025-2586

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-2586

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-2586

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-2586