Bug 2426564 (CVE-2025-69412)
| Summary: | CVE-2025-69412 messagelib: messagelib: Spoofing of threat data due to ignored SSL errors | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was found in messagelib. This vulnerability allows a remote attacker to spoof threat data by exploiting the component's failure to properly validate SSL certificates when communicating with the Google Safe Browsing Lookup API. This could lead to malicious content bypassing security checks. This issue only affects configurations where the Google Safe Browsing Lookup API is explicitly enabled, as it is not contacted in the default setup. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2426619, 2426620, 2426621, 2426622, 2426623, 2426624, 2426625, 2426628, 2426629 | ||
| Bug Blocks: | |||
Description
OSIDB Bzimport
2026-01-01 00:01:18 UTC