Security Report on Vulnerabilities Identified Through Prisma Scan #3012
Description
1. Introduction
This report summarizes the vulnerabilities identified through the Prisma scan conducted.
The identified vulnerabilities have been categorized based on their severity levels, potential impacts, and recommended actions for remediation.
2. Vulnerabilities
2.1 High Vulnerabilities
Vulnerability: CVE-2025-9230
Description: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.
Vulnerability: CVE-2025-4802
Description: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
3. How to reproduce it (as minimally and precisely as possible):
Scan your image via Prisma and you will see the issues.
Affected versions: v0.22.1
4. Conclusion
The Prisma scan identified several vulnerabilities in the environment.
Immediate attention should be given to critical and high-severity vulnerabilities to mitigate potential risks.
Medium and low-severity vulnerabilities should also be addressed in a timely manner to strengthen the security posture.
Continuous monitoring and regular vulnerability assessments are recommended to ensure ongoing security.
Please review this report and prioritize the remediation efforts accordingly.