CVE-2025-25207
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-02-11
Assigner: Red Hat, Inc.
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Denial of Service (DoS) issue in the Authorino service, which is used for authorization in Red Hat Connectivity Link. An attacker with developer-level access can add a large number of post-authorization callbacks to Authorino. Since the authorization policy is enforced by a single instance of Authorino, this overload of callbacks causes the service to become unavailable or disrupted while processing them. [1]
How can this vulnerability impact me?
The vulnerability can cause a Denial of Service in the Authorino authorization service, meaning that the service may become unavailable or fail to process authorization requests properly. This disruption can affect the security and availability of APIs protected by Authorino, potentially leading to service outages or degraded performance. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, restrict developer persona access to editing AuthPolicy callbacks to prevent adding excessive callbacks. Monitor and limit the number of post-authorization callbacks configured in Authorino. Since the vulnerability causes Denial of Service by overloading callbacks, controlling and auditing callback configurations is critical. No specific patch or fix information is provided, so access control and policy management are the immediate mitigation steps. [1]
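One way to put the "monitor and limit the number of post-authorization callbacks" step into practice is a small audit that counts callbacks per manifest and flags any policy over a chosen limit, usable as a CI gate or inside an admission webhook. This is an added example, not code from BaseFortify, Red Hat or the Authorino project; it assumes callbacks are declared under `spec.callbacks` (Authorino AuthConfig, map or list) or `spec.rules.callbacks` (Kuadrant AuthPolicy), and the threshold and sample manifests are constructed.

```python
import json

MAX_CALLBACKS = 5  # constructed limit; pick one that fits your policies

# Field paths where callbacks are declared. Assumption: Authorino AuthConfig
# keeps them under spec.callbacks (map in v1beta2, list in v1beta1) and a
# Kuadrant AuthPolicy under spec.rules.callbacks; verify against your CRDs.
CALLBACK_PATHS = (("spec", "callbacks"), ("spec", "rules", "callbacks"))


def count_callbacks(manifest: dict) -> int:
    """Number of post-authorization callbacks declared in one manifest."""
    total = 0
    for path in CALLBACK_PATHS:
        node = manifest
        for key in path:
            node = node.get(key) if isinstance(node, dict) else None
        if isinstance(node, (dict, list)):
            total += len(node)
    return total


def audit(manifests: list, limit: int = MAX_CALLBACKS) -> list:
    """Return (name, callback_count, within_limit) per manifest, so the
    result can drive a CI gate or an admission webhook's allow/deny."""
    report = []
    for m in manifests:
        name = m.get("metadata", {}).get("name", "<unnamed>")
        n = count_callbacks(m)
        report.append((name, n, n <= limit))
    return report


# Constructed sample: one modest policy and one with far too many callbacks.
SAMPLE_JSON = json.dumps([
    {"apiVersion": "authorino.kuadrant.io/v1beta2", "kind": "AuthConfig",
     "metadata": {"name": "api-protect"},
     "spec": {"callbacks": {"audit": {"http": {"url": "https://example.invalid/log"}}}}},
    {"apiVersion": "authorino.kuadrant.io/v1beta2", "kind": "AuthConfig",
     "metadata": {"name": "callback-flood"},
     "spec": {"callbacks": {f"cb{i}": {"http": {"url": f"https://example.invalid/{i}"}}
                            for i in range(50)}}},
])


def run_sample():
    return audit(json.loads(SAMPLE_JSON))


if __name__ == "__main__":
    for name, n, ok in run_sample():
        print(f"{name}: {n} callbacks -> {'ok' if ok else 'EXCEEDS LIMIT'}")
```

Feed it `kubectl get authconfigs -A -o json` items (the `.items` array) to audit a live cluster against the same limit.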