2381959 – (CVE-2025-7783) CVE-2025-7783 form-data: Unsafe random function in form-data

Bug 2381959 (CVE-2025-7783) - CVE-2025-7783 form-data: Unsafe random function in form-data

Summary: CVE-2025-7783 form-data: Unsafe random function in form-data

Keywords:
Status:	NEW
Alias:	CVE-2025-7783
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2382003 2382004 2382008 2382009 2382010 2382011 2382012 2382013 2382016 2382018 2382019 2382020 2382021 2382022 2382023 2382026 2383546 2382001 2382002 2382005 2382006 2382007 2382014 2382015 2382017 2382024 2382025 2382027
Blocks:
TreeView+	depends on / blocked

Reported:	2025-07-18 17:01 UTC by OSIDB Bzimport
Modified:	2025-09-17 16:57 UTC (History)
CC List:	162 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:14919	None	None	None	2025-09-03 02:15:40 UTC
Red Hat Product Errata	RHSA-2025:16101	None	None	None	2025-09-17 15:02:08 UTC
Red Hat Product Errata	RHSA-2025:16113	None	None	None	2025-09-17 16:57:49 UTC

Description OSIDB Bzimport 2025-07-18 17:01:07 UTC

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.

This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

Comment 3 errata-xmlrpc 2025-09-03 02:15:29 UTC

This issue has been addressed in the following products:

  Cryostat 4 on RHEL 9

Via RHSA-2025:14919 https://access.redhat.com/errata/RHSA-2025:14919

Comment 5 errata-xmlrpc 2025-09-17 15:01:58 UTC

This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.8 for RHEL 9
  multicluster engine for Kubernetes 2.8 for RHEL 8

Via RHSA-2025:16101 https://access.redhat.com/errata/RHSA-2025:16101

Comment 6 errata-xmlrpc 2025-09-17 16:57:37 UTC

This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9

Via RHSA-2025:16113 https://access.redhat.com/errata/RHSA-2025:16113

Note You need to log in before you can comment on or make changes to this bug.

aarif
aazores
abarbaro
abrianik
adkhan
adudiak
alcohan
anjoseph
anpicker
aprice
asoldano
ataylor
bbaranow
bdettelb
bmaxwell
bparees
brasmith
brian.stansberry
caswilli
cdewolf
chfoley
cmah
cochase
crizzo
darran.lofthouse
dbosanac
dbruscin
dfreiber
dhanak
dkreling
dkuc
doconnor
dosoudil
dranck
drosa
drow
dsimansk
dymurray
eaguilar
ebaron
eric.wittmann
fdeutsch
fjansen
fjuma
ggrzybek
gmalinko
gotiwari
gparvin
gryan
gzaronik
haoli
hasun
hkataria
ibek
ibolton
istudens
ivassile
iweiss
jajackso
janstey
jburrell
jcammara
jcantril
jchui
jfula
jhe
jhuff
jkoehler
jmatthew
jmitchel
jmontleo
jneedle
jolong
jowilson
jprabhak
jreimann
jrokos
jscholz
jwendell
jwong
kaycoth
kegrant
kingland
koliveir
kshier
ktsao
kvanderr
kverlaen
lball
lchilton
lgao
lphiri
mabashia
manissin
matzew
mdessi
mnovotny
mosmerov
mpierce
mrizzi
msochure
msvehla
mvyas
mwringe
nboldt
ngough
nipatil
njean
nwallace
nyancey
omaciel
ometelka
oramraz
owatkins
pahickey
pantinor
parichar
pbizzarr
pbraun
pcattana
pdelbell
periklis
pesilva
pgaikwad
pjindal
pmackay
psrna
ptisnovs
rcernich
rhaigner
rjohnson
rkubis
rojacob
rstancel
rstepani
sausingh
sdawley
sdoran
sfeifer
shvarugh
simaishi
slucidi
smaestri
smcdonal
smullick
sseago
stcannon
stirabos
swoodman
syedriko
tasato
teagle
tfister
thason
thavo
tom.jenkinson
ttakamiy
veshanka
vkumar
wtam
xdharmai
yguenane