The following advisory data is extracted from: https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11479.json

Red Hat officially shut down their mailing list notifications on October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that, due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications, and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis:       Moderate: ACS 4.7 enhancement and security update
Advisory ID:    RHSA-2025:11479-03
Product:        Red Hat Advanced Cluster Security for Kubernetes
Advisory URL:   https://access.redhat.com/errata/RHSA-2025:11479
Issue date:     2025-07-21
Revision:       03
CVE Names:      CVE-2025-22871
====================================================================

Summary:

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security and bug fixes.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This release of RHACS 4.7.5 includes security and bug fixes. If you are using an earlier version of RHACS 4.7, you are advised to upgrade to patch release 4.7.5.

Bugs fixed:

* Before this update, incorrect interpretation of Red Hat Enterprise Linux (RHEL) 10 Common Platform Enumeration (CPE) strings caused Scanner V4 to fail distribution checks on RHEL 10 systems. With this update, an updated RHEL CPE major version pattern resolves the issue, and Scanner V4 can now correctly support RHEL 10.

* Before this update, the failure of Sensor to call stream.Recv() caused gRPC flow control to block image reprocessing every 4 hours. With this update, the reprocessing loop includes a timeout for sending messages to Sensors, which resolves the issue and resumes image reprocessing as expected.

* Before this update, you could observe excessive logging of telemetry collection status, resulting in log spam. With this update, telemetry collection has been configured not to emit repeated logs continuously, which resolves the issue and significantly reduces the log volume.

* Before this update, a flaw in the signature verification algorithm caused valid signatures to be reported as invalid if they had a certain payload format. With this update, the enhanced robustness of the algorithm resolves the issue, and the system can now correctly assess the validity of signatures.

Security issue(s) fixed:

* A flaw in net/http allowed request smuggling due to improper handling of bare line feed (LF) in chunked data. (CVE-2025-22871)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2025-22871

References:

https://access.redhat.com/security/updates/classification/#moderate
https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.7/html/release_notes/release-notes-47
https://bugzilla.redhat.com/show_bug.cgi?id=2358493
https://issues.redhat.com/browse/ROX-30092
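The net/http issue above comes down to line-terminator strictness: if one component treats a bare "\n" as ending a chunk-size line or chunk while another requires "\r\n", the two disagree on where the body ends, which is the condition request smuggling needs. The following is an added, illustrative Go decoder (not Go's net/http code and not the patched code from this advisory) that accepts only CRLF terminators and surfaces a bare LF as a distinct error, so a proxy or scanner can reject such bodies rather than guess; the function and error names are assumptions for this example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strconv"
)

// ErrBareLF is returned when a chunk-size line or a chunk's trailing
// terminator is a lone '\n' instead of the "\r\n" that RFC 9112 requires.
var ErrBareLF = errors.New("chunked body: bare LF line terminator")

// readLineCRLF returns the bytes before "\r\n" and the remaining input.
func readLineCRLF(in []byte) (line, rest []byte, err error) {
	i := bytes.IndexByte(in, '\n')
	if i < 0 {
		return nil, nil, errors.New("chunked body: unterminated line")
	}
	if i == 0 || in[i-1] != '\r' {
		return nil, nil, ErrBareLF // '\n' not preceded by '\r'
	}
	return in[:i-1], in[i+1:], nil
}

// DecodeChunkedStrict decodes a chunked body, accepting only CRLF line
// terminators. Trailer fields after the last-chunk are not consumed here.
func DecodeChunkedStrict(body []byte) ([]byte, error) {
	var out []byte
	for {
		sizeLine, rest, err := readLineCRLF(body)
		if err != nil {
			return nil, err
		}
		if j := bytes.IndexByte(sizeLine, ';'); j >= 0 {
			sizeLine = sizeLine[:j] // drop chunk extensions before parsing
		}
		size, err := strconv.ParseUint(string(bytes.TrimSpace(sizeLine)), 16, 32)
		if err != nil {
			return nil, fmt.Errorf("chunked body: bad chunk size %q", sizeLine)
		}
		body = rest
		if size == 0 {
			return out, nil // last-chunk reached
		}
		if uint64(len(body)) < size+2 {
			return nil, errors.New("chunked body: truncated chunk")
		}
		if body[size] == '\n' { // chunk data followed by a bare LF
			return nil, ErrBareLF
		}
		if !bytes.Equal(body[size:size+2], []byte("\r\n")) {
			return nil, errors.New("chunked body: missing CRLF after chunk data")
		}
		out = append(out, body[:size]...)
		body = body[size+2:]
	}
}
```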