{"id":"RHSA-2026:2725","summary":"Red Hat Security Advisory: pki-deps:10.6 security update","modified":"2026-04-20T10:08:09Z","published":"2026-02-17T10:12:30Z","upstream":["CVE-2025-31651","CVE-2025-55752"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:2725"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362782"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406591"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2725.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-31651"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-31651"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-31651"},{"type":"ARTICLE","url":"https://lists.apache.org/list.html?announce@tomcat.apache.org"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-55752"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2025-55752"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55752"},{"type":"ARTICLE","url":"https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"},{"type":"ARTICLE","url":"https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"}],"affected":[{"package":{"name":"apache-commons-collections","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/apache-commons-collections"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.2.2-10.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"apache-commons-lang","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/apache-commons-lang"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.6-21.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"bea-stax","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/bea-stax"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.0-16.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"bea-stax-api","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/bea-stax-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.0-16.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"fasterxml-oss-parent","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/fasterxml-oss-parent"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:69-1.module+el8.2.0+23390+7631bd3f"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"glassfish-fastinfoset","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/glassfish-fastinfoset"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.13-9.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"glassfish-jaxb","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.11-11.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"glassfish-jaxb-api","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.12-8.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"glassfish-jaxb-core","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.11-11.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"glassfish-jaxb-runtime","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb-runtime"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.11-11.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"glassfish-jaxb-txw2","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb-txw2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.11-11.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"jackson-annotations","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/jackson-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.19.1-1.module+el8.2.0+23390+7631bd3f"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"jackson-bom","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/jackson-bom"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.19.1-1.module+el8.2.0+23390+7631bd3f"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"jackson-core","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/jackson-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.19.1-1.module+el8.2.0+23390+7631bd3f"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"jackson-databind","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/jackson-databind"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.19.1-1.module+el8.2.0+23390+7631bd3f"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"jackson-jaxrs-json-provider","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/jackson-jaxrs-json-provider"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.19.1-1.module+el8.2.0+23390+7631bd3f"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"jackson-jaxrs-providers","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/jackson-jaxrs-providers"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.19.1-1.module+el8.2.0+23390+7631bd3f"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"jackson-module-jaxb-annotations","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/jackson-module-jaxb-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.19.1-1.module+el8.2.0+23390+7631bd3f"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"jackson-modules-base","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/jackson-modules-base"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.19.1-1.module+el8.2.0+23390+7631bd3f"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"jackson-parent","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/jackson-parent"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.19.2-1.module+el8.2.0+23390+7631bd3f"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"jakarta-commons-httpclient","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/jakarta-commons-httpclient"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.1-28.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"javassist","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/javassist"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.18.1-8.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"javassist-javadoc","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/javassist-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.18.1-8.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"pki-servlet-4.0-api","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/pki-servlet-4.0-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.0.7-16.module+el8.2.0+23940+b159abcc.3"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"pki-servlet-engine","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/pki-servlet-engine"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.0.7-16.module+el8.2.0+23940+b159abcc.3"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"python-nss","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/python-nss"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.1-10.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"python-nss-debugsource","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/python-nss-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.1-10.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"python-nss-doc","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/python-nss-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.1-10.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"python3-nss","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/python3-nss"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.1-10.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"python3-nss-debuginfo","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/python3-nss-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.1-10.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"relaxngDatatype","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/relaxngDatatype"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2011.1-7.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"resteasy","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/resteasy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.0.26-3.module+el8.2.0+23401+65186842"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"slf4j","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/slf4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.25-4.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"slf4j-jdk14","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/slf4j-jdk14"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.25-4.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"stax-ex","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/stax-ex"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.7-8.module+el8.2.0+5723+4574fbff"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"velocity","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/velocity"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7-24.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"xalan-j2","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/xalan-j2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.1-38.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"xerces-j2","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/xerces-j2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.11.0-34.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"xml-commons-apis","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/xml-commons-apis"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.01-25.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"xml-commons-resolver","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/xml-commons-resolver"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2-26.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"xmlstreambuffer","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/xmlstreambuffer"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.4-8.module+el8.2.0+5723+4574fbff"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}},{"package":{"name":"xsom","ecosystem":"Red Hat:rhel_aus:8.2::appstream","purl":"pkg:rpm/redhat/xsom"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:2725.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}