Bug 2381959 (CVE-2025-7783) - CVE-2025-7783 form-data: Unsafe random function in form-data
Summary: CVE-2025-7783 form-data: Unsafe random function in form-data
Keywords:
Status: NEW
Alias: CVE-2025-7783
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2382003 2382004 2382018 2382020 2382021 2382022 2382023 2382026 2424475 2424476 2424477 2382001 2382002 2382005 2382006 2382007 2382008 2382009 2382010 2382011 2382012 2382013 2382014 2382015 2382016 2382017 2382019 2382024 2382025 2382027 2383546 2424474
Blocks:
Reported: 2025-07-18 17:01 UTC by OSIDB Bzimport
Modified: 2026-01-03 08:29 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:14919 0 None None None 2025-09-03 02:15:40 UTC
Red Hat Product Errata RHSA-2025:16101 0 None None None 2025-09-17 15:02:08 UTC
Red Hat Product Errata RHSA-2025:16113 0 None None None 2025-09-17 16:57:49 UTC
Red Hat Product Errata RHSA-2025:18278 0 None None None 2025-10-18 03:50:53 UTC
Red Hat Product Errata RHSA-2025:18744 0 None None None 2025-10-21 03:15:18 UTC

Description OSIDB Bzimport 2025-07-18 17:01:07 UTC
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.

This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

Comment 3 errata-xmlrpc 2025-09-03 02:15:29 UTC
This issue has been addressed in the following products:

  Cryostat 4 on RHEL 9

Via RHSA-2025:14919 https://access.redhat.com/errata/RHSA-2025:14919

Comment 5 errata-xmlrpc 2025-09-17 15:01:58 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.8 for RHEL 9
  multicluster engine for Kubernetes 2.8 for RHEL 8

Via RHSA-2025:16101 https://access.redhat.com/errata/RHSA-2025:16101

Comment 6 errata-xmlrpc 2025-09-17 16:57:37 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9

Via RHSA-2025:16113 https://access.redhat.com/errata/RHSA-2025:16113

Comment 7 errata-xmlrpc 2025-10-18 03:50:41 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.7 for RHEL 8
  multicluster engine for Kubernetes 2.7 for RHEL 9

Via RHSA-2025:18278 https://access.redhat.com/errata/RHSA-2025:18278

Comment 8 errata-xmlrpc 2025-10-21 03:15:06 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9

Via RHSA-2025:18744 https://access.redhat.com/errata/RHSA-2025:18744

