Bug 2403843 (CVE-2025-59288)
| Summary: | CVE-2025-59288 playwright: Playwright Spoofing Vulnerability | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | alcohan, asoldano, bbaranow, bmaxwell, brian.stansberry, chfoley, darran.lofthouse, dhanak, dkreling, dosoudil, drosa, dsimansk, gparvin, istudens, ivassile, iweiss, jbalunas, jkoehler, kingland, kverlaen, lphiri, matzew, mnovotny, mosmerov, msochure, msvehla, nwallace, owatkins, pahickey, pesilva, pjindal, pmackay, rhaigner, rstancel, sausingh, sdawley, smaestri, swoodman, tom.jenkinson |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A certificate verification flaw has been discovered in the npm Playwright package. Certificate validation is disabled for some processes and an attacker who is adjacent on the network could exploit this by spoofing a url and inject code or files into the Playwright execution path.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2404313, 2404314, 2404315 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-10-14 18:02:18 UTC
|