Denial of Service Vulnerability in Red Hat Connectivity Link's Authorization Service
CVE-2025-25207

5.7MEDIUM

Key Information:

Status
Red Hat Connectivity Link 1
Vendor
CVE Published:
9 June 2025

What is CVE-2025-25207?

The Authorino service within Red Hat Connectivity Link, designed for zero trust API security, exposes a flaw that can be exploited by attackers with developer persona access. This vulnerability allows them to add excessive callbacks to HTTP endpoints post-authorization. As the service enforces authentication policies through a single instance, an attacker can effectively trigger a Denial of Service condition, impeding legitimate authorization processes and potentially disrupting services reliant on Authorino.

References

https://access.redhat.com/security/cve/CVE-2025-25207
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2347421
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.