Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-m9tj-bwum-4yep
Vulnerability ID VCID-m9tj-bwum-4yep
Aliases CVE-2023-1625
GHSA-5836-grcc-8j89
Summary
Status Published
Exploitability 0.5
Weighted Severity 6.7
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-202 Exposure of Sensitive Information Through Data Queries
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1625.json
cvssv3.1 7.4 https://access.redhat.com/security/cve/CVE-2023-1625
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2023-1625
ssvc Track https://access.redhat.com/security/cve/CVE-2023-1625
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2023-1625
cvssv3.1 7.4 https://bugzilla.redhat.com/show_bug.cgi?id=2181621
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2181621
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2181621
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.4 https://github.com/openstack/heat
generic_textual HIGH https://github.com/openstack/heat
cvssv3.1 7.4 https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb
generic_textual HIGH https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb
ssvc Track https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb
cvssv3.1 7.4 https://launchpad.net/bugs/1999665
generic_textual HIGH https://launchpad.net/bugs/1999665
ssvc Track https://launchpad.net/bugs/1999665
cvssv3.1 7.4 https://nvd.nist.gov/vuln/detail/CVE-2023-1625
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-1625
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1625.json
https://api.first.org/data/v1/epss?cve=CVE-2023-1625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1625
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/openstack/heat
https://nvd.nist.gov/vuln/detail/CVE-2023-1625
1034186 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034186
1999665 https://launchpad.net/bugs/1999665
a49526c278e52823080c7f3fcb72785b93fd4dcb https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb
cpe:/a:redhat:openstack:13 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13
cpe:/a:redhat:openstack:16.1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.1
cpe:/a:redhat:openstack:16.2 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.2
cpe:/a:redhat:openstack:17.0 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.0
CVE-2023-1625 https://access.redhat.com/security/cve/CVE-2023-1625
show_bug.cgi?id=2181621 https://bugzilla.redhat.com/show_bug.cgi?id=2181621
USN-6066-1 https://usn.ubuntu.com/6066-1/
USN-6293-1 https://usn.ubuntu.com/6293-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1625.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://access.redhat.com/security/cve/CVE-2023-1625
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:59:09Z/ Found at https://access.redhat.com/security/cve/CVE-2023-1625
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2181621
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:59:09Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2181621
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/openstack/heat
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:59:09Z/ Found at https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://launchpad.net/bugs/1999665
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:59:09Z/ Found at https://launchpad.net/bugs/1999665
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1625
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.29056
EPSS Score 0.00111
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:09:53.061906+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 38.6.0