Unauthenticated Remote Command Execution in Eclipse Che by Red Hat
CVE-2025-12548

9 CRITICAL

What is CVE-2025-12548?

A security weakness exists in Eclipse Che's che-machine-exec component. This flaw permits unauthorized remote execution of commands and potential exfiltration of sensitive secrets, such as SSH keys and tokens, from the Developer Workspace containers of other users. The issue arises from an unprotected JSON-RPC/websocket API accessible through TCP port 3333. Proper safeguards and monitoring are crucial to mitigate the risks associated with this vulnerability.

Affected Version(s)

  • Red Hat OpenShift Dev Spaces (RHOSDS) 3.22 sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c

  • Red Hat OpenShift Dev Spaces (RHOSDS) 3.23 sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a

  • Red Hat OpenShift Dev Spaces (RHOSDS) 3.24 sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f
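To help operators inventory their exposure, the following added example (not part of the advisory and not Red Hat's tooling) checks a pod listing in the shape of `oc get pods -A -o json` against the three affected image digests above and notes whether the pod declares the port 3333 service named in the description. It assumes the listed digests are container image digests as they appear in `status.containerStatuses[].imageID`; the namespaces, pod names and image references in the sample are constructed.

```python
import re

# Image digests copied from the advisory's "Affected Version(s)" list.
AFFECTED_DIGESTS = {
    "sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c": "RHOSDS 3.22",
    "sha256:a6fe7e233fa23e1fff9c74c5d4cbe800534561131b5be59533e88ede24452e3a": "RHOSDS 3.23",
    "sha256:ced0e45c01cb5f473deb4fb137249b743b907d27172fbabd223024c4000ba56f": "RHOSDS 3.24",
}
MACHINE_EXEC_PORT = 3333  # JSON-RPC/websocket port named in the advisory
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def container_digest(image_id):
    """Pull the sha256 digest out of a containerStatuses[].imageID value (or None)."""
    m = DIGEST_RE.search(image_id or "")
    return m.group(0) if m else None


def find_affected(pod_list):
    """Return one finding per container whose running image digest is an affected build."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        # Ports declared in the spec; a container may still listen on 3333 without declaring it.
        declared_ports = {p.get("containerPort")
                          for c in pod.get("spec", {}).get("containers", [])
                          for p in c.get("ports", [])}
        for status in pod.get("status", {}).get("containerStatuses", []):
            digest = container_digest(status.get("imageID"))
            if digest in AFFECTED_DIGESTS:
                findings.append({
                    "namespace": meta.get("namespace"),
                    "pod": meta.get("name"),
                    "container": status.get("name"),
                    "version": AFFECTED_DIGESTS[digest],
                    "declares_port_3333": MACHINE_EXEC_PORT in declared_ports,
                })
    return findings


# Constructed sample in the shape of `oc get pods -A -o json`; names and images are made up.
SAMPLE_POD_LIST = {"items": [
    {"metadata": {"namespace": "user1-devspaces", "name": "workspace-abc"},
     "spec": {"containers": [{"name": "machine-exec", "ports": [{"containerPort": 3333}]}]},
     "status": {"containerStatuses": [{"name": "machine-exec",
         "imageID": "registry.example/devspaces/machineexec-rhel8@sha256:3de7dd8077a9201eb7ff56c340629184773d6c06de9d6e083e13c5b51a82009c"}]}},
    {"metadata": {"namespace": "user2-devspaces", "name": "workspace-def"},
     "spec": {"containers": [{"name": "machine-exec", "ports": [{"containerPort": 3333}]}]},
     "status": {"containerStatuses": [{"name": "machine-exec",
         "imageID": "registry.example/devspaces/machineexec-rhel8@sha256:" + "0" * 64}]}},
]}
```

Treat a match as a signal to update the deployment and review who can reach port 3333 inside the workspace namespaces, not as proof of compromise.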

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Richard Leach (LME) for reporting this issue.