4.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-25132

GHSA ID

GHSA-c392-wrgw-jjfw

EPSS Score

0.37207%

CWE

CWE-400

Published

3/19/2025

Updated

3/20/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-25132

CVE-2024-25132: OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability

A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true, regardless of the installation status, and a positive timespan for the spec.hibernateAfter value. If a ClusterSync.hiveinternal.openshift.io/v1alpha1 resource is also created, the hive hibernation controller will enter the reconciliation loop leading to a panic when accessing a non-existing field in the ClusterDeployment’s status section, resulting in a denial of service.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-25132

CVE-2024-25132:

4.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-25132

GHSA ID

GHSA-c392-wrgw-jjfw

EPSS Score

0.37207%

CWE

CWE-400

Published

3/19/2025

Updated

3/20/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/openshift/hive	go

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability manifests in the reconciliation loop of the hibernation controller when handling ClusterDeployment resources with inconsistent status fields. The root cause is the lack of nil-checking before accessing ClusterDeployment.Status fields, which leads to a panic when the status section isn't properly initialized. This matches the described crash scenario and follows Kubernetes controller pattern vulnerabilities where status validation is missing.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-25132: OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability

CVE-2024-25132:

4.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2024-25132: OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability

Technical Details

Basic Information

Basic Information

4.3

4.3

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI