Security Vulnerability Report: CVE-2025-15467 in alpine/k8s:1.32.11 #91

@ByJacob

Description

A CRITICAL severity vulnerability has been identified in the Docker image alpine/k8s:1.32.11. The affected package is libcrypto3, which is part of the OpenSSL library.

Vulnerability Details

  • CVE ID: CVE-2025-15467
  • Severity: CRITICAL
  • Affected Package: libcrypto3
  • Installed Version: 3.5.4-r0
  • Fixed Version: 3.5.5-r0
  • Docker Image: alpine/k8s:1.32.11

Impact

This vulnerability affects the OpenSSL cryptographic library, which is a critical component for secure communications and encryption operations. Given the CRITICAL severity rating, this vulnerability could potentially:

  • Compromise encrypted communications
  • Allow unauthorized access to sensitive data
  • Enable remote code execution (depending on the specific vulnerability details)

Recommended Action

Immediate action is required to mitigate this vulnerability:

  1. Update the base image to a version that includes libcrypto3 version 3.5.5-r0 or later
  2. Rebuild and redeploy all containers using the affected image
  3. Scan your container registry for other images that may be affected

References

OpenSSL Commits Addressing This Issue

Priority

HIGH PRIORITY - This issue should be addressed immediately due to its CRITICAL severity rating.
