CVE-2025-2586

Published Mar 31, 2025

Last updated 4 days ago

Overview

Description
A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability.
Source: secalert@redhat.com
NVD status: Awaiting Analysis
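
The description above does not say how the service keys its metrics. The following is an added example, not OpenShift Lightspeed code, which assumes request metrics are labelled with the raw request path; it shows why requests to non-existent endpoints then create one stored series each, and how collapsing unmatched paths into a single label bounds that growth. The route names, the "<unmatched>" label and the sample traffic are constructed for illustration.

```python
"""Added example: bounded-cardinality request metrics (illustrative only)."""
from collections import Counter

# Hypothetical route table; a real service would derive this from its router.
KNOWN_ROUTES = {"/v1/query", "/v1/feedback", "/readiness", "/liveness"}
UNMATCHED = "<unmatched>"  # single label shared by every unknown path


class RequestMetrics:
    """Counts requests per (path label, status); each distinct key is one series."""

    def __init__(self, known_routes=None):
        # known_routes=None models the assumed weak behaviour: raw path as label.
        self.known_routes = known_routes
        self.series = Counter()

    def label_for(self, raw_path):
        path = raw_path.split("?", 1)[0]  # query strings never belong in a label
        if self.known_routes is None:
            return path
        return path if path in self.known_routes else UNMATCHED

    def observe(self, raw_path, status):
        self.series[(self.label_for(raw_path), status)] += 1

    def series_count(self):
        return len(self.series)


def replay(metrics, requests):
    """Feed (path, status) pairs into the recorder and return the series count."""
    for path, status in requests:
        metrics.observe(path, status)
    return metrics.series_count()


# Constructed traffic: 3 legitimate calls plus 1,000 distinct non-existent paths.
SAMPLE = [("/v1/query", 200), ("/v1/query", 200), ("/readiness", 200)]
SAMPLE += [(f"/no-such-endpoint-{i}", 404) for i in range(1000)]

if __name__ == "__main__":
    print("raw path labels:  ", replay(RequestMetrics(), SAMPLE), "series")
    print("normalized labels:", replay(RequestMetrics(KNOWN_ROUTES), SAMPLE), "series")
```

With normalized labels the 404 volume is still visible as one counter, which is also the signal to alert on, while storage no longer grows with the number of distinct paths requested.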

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

secalert@redhat.com: CWE-400

Social media

Hype score
Not currently trending
  1. 🚨 New High Severity CVE Alert! 🚨 CVE-2025-2586: Unauthenticated API request flooding vulnerability in OpenShift Lightspeed Service can lead to resource exhaustion and service unavailability. Patch your systems! #CVE #CyberSecurity #Vulnerability #OpenShift #SecurityAlert http

    @GABBYTECH_SEC

    31 Mar 2025

    36 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 New High Severity CVE Alert! 🚨 CVE-2025-2586: Unauthenticated API request flooding vulnerability in OpenShift Lightspeed Service can lead to resource exhaustion and service unavailability. Patch your systems! #CVE #CyberSecurity #Vulnerability #bugbounty #Openshift https://

    @Gabriel_coder01

    31 Mar 2025

    138 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-2586 🔴 HIGH (7.5) 🏢 Red Hat - OpenShift Lightspeed 🏗️ None 🔗 https://t.co/nKlH8dCbBf 🔗 https://t.co/THre7scaSi #CyberCron #VulnAlert #InfoSec https://t.co/JINUBpZtUd

    @cybercronai

    31 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-2586 Unauthenticated API Request Flooding Vulnerability in OpenShift Lightspeed Service https://t.co/ravFbXnQAI

    @VulmonFeeds

    31 Mar 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Critical flaw OpenShift Lightspeed A 7.5 vulnerability lets CVE-2025-2586

    @AyushInfo57268

    31 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-2586 - OpenShift Container Platform - HIGH 🚨 🗓️ Date published 2025-03-31 12:15:15 UTC #OpenShiftContainerPlatform #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/7CP6jgI0sv

    @vulns_space

    31 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-2586 A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate me… https://t.co/ncaIkW3SW4

    @CVEnew

    31 Mar 2025

    369 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes