CVE-2025-22868: 
cAdvisor vulnerability analysis and mitigation

CVE-2025-22868 is a security vulnerability discovered in golang.org/x/oauth2 package, disclosed on February 26, 2025. The vulnerability allows an attacker to pass a malicious malformed token which causes unexpected memory to be consumed during parsing. This vulnerability affects versions of golang.org/x/oauth2/jws before v0.27.0 (NVD, Go Vuln).

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue is classified under CWE-1286 (Improper Validation of Syntactic Correctness of Input). The vulnerability specifically affects the token parsing functionality in the oauth2 package, where malformed input can trigger excessive memory consumption (NVD).

The primary impact of this vulnerability is the potential for Denial of Service (DoS) attacks through unexpected memory consumption during token parsing. The vulnerability affects availability but does not compromise confidentiality or integrity of the system (CISA-ADP).

The vulnerability has been fixed in golang.org/x/oauth2/jws version v0.27.0. Users are advised to upgrade to this version or later to address the security issue. Red Hat has released updates for affected products, including Advanced Cluster Security (RHACS) 4.5.7 (Red Hat).