Description

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.

INFO

Published Date :

2026-01-13T15:35:01.329Z

Last Modified :

2026-01-21T22:19:04.636Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-12548 vulnerability.

Vendors Products
Redhat
  • Openshift Devspaces
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12548.

URL Resource
https://access.redhat.com/errata/RHSA-2025:22620 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22623 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22652 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-12548 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2408850 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-12548 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-12548 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact