CVE-2025-22868

EUVD-2025-5341
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score
Percentile: 31%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| go | jws | 𝑥 < 0.27.0 |

𝑥 = Vulnerable software versions
openSUSE / SLES Releases

| Package | openSUSE Product | Release | Status |
|---|---|---|---|
| cosign | suse enterprise desktop 15 SP6 | 2.5.0-150400.3.27.1 | fixed |
| cosign | suse enterprise desktop 15 SP7 | 2.5.0-150400.3.27.1 | fixed |
| cosign | suse enterprise sap 15 SP6 | 2.5.0-150400.3.27.1 | fixed |
| cosign | suse enterprise sap 15 SP7 | 2.5.0-150400.3.27.1 | fixed |
| cosign | suse enterprise server 15 SP4 | 2.5.0-150400.3.27.1 | fixed |
| cosign | suse enterprise server 15 SP5 | 2.5.0-150400.3.27.1 | fixed |
| cosign | suse enterprise server 15 SP6 | 2.5.0-150400.3.27.1 | fixed |
| cosign | suse enterprise server 15 SP7 | 2.5.0-150400.3.27.1 | fixed |
| cosign-bash-completion | suse enterprise desktop 15 SP7 | 2.5.0-150400.3.27.1 | fixed |
| cosign-bash-completion | suse enterprise sap 15 SP7 | 2.5.0-150400.3.27.1 | fixed |
| cosign-bash-completion | suse enterprise server 15 SP7 | 2.5.0-150400.3.27.1 | fixed |
| cosign-zsh-completion | suse enterprise desktop 15 SP7 | 2.5.0-150400.3.27.1 | fixed |
| cosign-zsh-completion | suse enterprise sap 15 SP7 | 2.5.0-150400.3.27.1 | fixed |
| cosign-zsh-completion | suse enterprise server 15 SP7 | 2.5.0-150400.3.27.1 | fixed |
| google-cloud-sap-agent | suse enterprise sap 12 | 3.6-6.43.1 | fixed |
| google-cloud-sap-agent | suse enterprise sap 12 SP3 | 3.6-6.43.1 | fixed |
| google-cloud-sap-agent | suse enterprise sap 12 SP4 | 3.6-6.43.1 | fixed |
| google-cloud-sap-agent | suse enterprise sap 12 SP5 | 3.6-6.43.1 | fixed |
| google-cloud-sap-agent | suse enterprise sap 15 SP3 | 3.6-150100.3.44.1 | fixed |
| google-cloud-sap-agent | suse enterprise sap 15 SP4 | 3.6-150100.3.44.1 | fixed |
| google-cloud-sap-agent | suse enterprise sap 15 SP5 | 3.6-150100.3.44.1 | fixed |
| google-cloud-sap-agent | suse enterprise sap 15 SP6 | 3.6-150100.3.44.1 | fixed |
| google-cloud-sap-agent | suse enterprise sap 15 SP7 | 3.6-150100.3.44.1 | fixed |
| google-cloud-sap-agent | suse enterprise server 12 | 3.6-6.43.1 | fixed |
| google-cloud-sap-agent | suse enterprise server 12 SP3 | 3.6-6.43.1 | fixed |
| google-cloud-sap-agent | suse enterprise server 12 SP4 | 3.6-6.43.1 | fixed |
| google-cloud-sap-agent | suse enterprise server 12 SP5 | 3.6-6.43.1 | fixed |
| google-cloud-sap-agent | suse enterprise server 15 SP3 | 3.6-150100.3.44.1 | fixed |
| google-cloud-sap-agent | suse enterprise server 15 SP4 | 3.6-150100.3.44.1 | fixed |
| google-cloud-sap-agent | suse enterprise server 15 SP5 | 3.6-150100.3.44.1 | fixed |
| google-cloud-sap-agent | suse enterprise server 15 SP6 | 3.6-150100.3.44.1 | fixed |
| google-cloud-sap-agent | suse enterprise server 15 SP7 | 3.6-150100.3.44.1 | fixed |
| google-guest-agent | suse enterprise sap 12 | 20250116.00-1.47.2 | fixed |
| google-guest-agent | suse enterprise sap 12 SP3 | 20250116.00-1.47.2 | fixed |
| google-guest-agent | suse enterprise sap 12 SP4 | 20250116.00-1.47.2 | fixed |
| google-guest-agent | suse enterprise sap 12 SP5 | 20250116.00-1.47.2 | fixed |
| google-guest-agent | suse enterprise sap 15 SP3 | 20250116.00-150000.1.57.1 | fixed |
| google-guest-agent | suse enterprise sap 15 SP4 | 20250116.00-150000.1.57.1 | fixed |
| google-guest-agent | suse enterprise sap 15 SP5 | 20250116.00-150000.1.57.1 | fixed |
| google-guest-agent | suse enterprise sap 15 SP6 | 20250116.00-150000.1.57.1 | fixed |
| google-guest-agent | suse enterprise sap 15 SP7 | 20250116.00-150000.1.57.1 | fixed |
| google-guest-agent | suse enterprise server 12 | 20250116.00-1.47.2 | fixed |
| google-guest-agent | suse enterprise server 12 SP3 | 20250116.00-1.47.2 | fixed |
| google-guest-agent | suse enterprise server 12 SP4 | 20250116.00-1.47.2 | fixed |
| google-guest-agent | suse enterprise server 12 SP5 | 20250116.00-1.47.2 | fixed |
| google-guest-agent | suse enterprise server 15 SP3 | 20250116.00-150000.1.57.1 | fixed |
| google-guest-agent | suse enterprise server 15 SP4 | 20250116.00-150000.1.57.1 | fixed |
| google-guest-agent | suse enterprise server 15 SP5 | 20250116.00-150000.1.57.1 | fixed |
| google-guest-agent | suse enterprise server 15 SP6 | 20250116.00-150000.1.57.1 | fixed |
| google-guest-agent | suse enterprise server 15 SP7 | 20250116.00-150000.1.57.1 | fixed |
| google-osconfig-agent | suse enterprise sap 12 | 20250115.01-1.38.1 | fixed |
| google-osconfig-agent | suse enterprise sap 12 SP3 | 20250115.01-1.38.1 | fixed |
| google-osconfig-agent | suse enterprise sap 12 SP4 | 20250115.01-1.38.1 | fixed |
| google-osconfig-agent | suse enterprise sap 12 SP5 | 20250115.01-1.38.1 | fixed |
| google-osconfig-agent | suse enterprise sap 15 SP3 | 20250115.01-150000.1.47.1 | fixed |
| google-osconfig-agent | suse enterprise sap 15 SP4 | 20250115.01-150000.1.47.1 | fixed |
| google-osconfig-agent | suse enterprise sap 15 SP5 | 20250115.01-150000.1.47.1 | fixed |
| google-osconfig-agent | suse enterprise sap 15 SP6 | 20250115.01-150000.1.47.1 | fixed |
| google-osconfig-agent | suse enterprise sap 15 SP7 | 20250115.01-150000.1.47.1 | fixed |
| google-osconfig-agent | suse enterprise server 12 | 20250115.01-1.38.1 | fixed |
| google-osconfig-agent | suse enterprise server 12 SP3 | 20250115.01-1.38.1 | fixed |
| google-osconfig-agent | suse enterprise server 12 SP4 | 20250115.01-1.38.1 | fixed |
| google-osconfig-agent | suse enterprise server 12 SP5 | 20250115.01-1.38.1 | fixed |
| google-osconfig-agent | suse enterprise server 15 SP3 | 20250115.01-150000.1.47.1 | fixed |
| google-osconfig-agent | suse enterprise server 15 SP4 | 20250115.01-150000.1.47.1 | fixed |
| google-osconfig-agent | suse enterprise server 15 SP5 | 20250115.01-150000.1.47.1 | fixed |
| google-osconfig-agent | suse enterprise server 15 SP6 | 20250115.01-150000.1.47.1 | fixed |
| google-osconfig-agent | suse enterprise server 15 SP7 | 20250115.01-150000.1.47.1 | fixed |
| rekor | suse enterprise desktop 15 SP6 | 1.3.10-150400.4.25.1 | fixed |
| rekor | suse enterprise desktop 15 SP7 | 1.3.10-150400.4.25.1 | fixed |
| rekor | suse enterprise sap 15 SP6 | 1.3.10-150400.4.25.1 | fixed |
| rekor | suse enterprise sap 15 SP7 | 1.3.10-150400.4.25.1 | fixed |
| rekor | suse enterprise server 15 SP4 | 1.3.10-150400.4.25.1 | fixed |
| rekor | suse enterprise server 15 SP5 | 1.3.10-150400.4.25.1 | fixed |
| rekor | suse enterprise server 15 SP6 | 1.3.10-150400.4.25.1 | fixed |
| rekor | suse enterprise server 15 SP7 | 1.3.10-150400.4.25.1 | fixed |
Red Hat Enterprise Linux Releases

| Package | Red Hat Product | Release | Status |
|---|---|---|---|
| opentelemetry-collector | RHEL 9 | 0:0.107.0-8.el9_6 | fixed |