CVE-2025-4404 and CVE-2025-7493

We have identified two critical vulnerabilities on AlmaLinux 8.10 systems:

  • CVE-2025-4404

  • CVE-2025-7493

Unfortunately, the updated packages containing the necessary fixes are currently not available in the Alma Linux repositories. Below are the details:

Packages link - Packages

  • python3-jwcrypto
    Current: 0.5.0-2.module_el8.10.0+3844
    Required fix: 0.5.0-2.module+el8.10.0+21692+c9b201bc.noarch.rpm

  • python3-pyusb
    Current: 1.0.0-9.1.module_el8.7.0+3349
    Required fix: 1.0.0-9.1.module+el8.9.0+18920+2223d05e.noarch.rpm

  • python3-yubico
    Current: 1.3.2-9.1.module_el8.7.0+3349
    Required fix: 1.3.2-9.1.module+el8.9.0+18920+2223d05e.noarch.rpm

Vulnerability References:

Can you please let us know when these packages will be available, or is there any alternate method to apply these fixes?

Hi Hardik,

Nice to meet you.

The CVE you inquired about appears to be already addressed in the latest ALSA package distribution.

Please update your package to the latest version and verify the issue.

Thanks,

redadmin

CVE-2025-4404

CVE-2025-7493

Something does not add up. The python3-jwcrypto-0.5.0-2.module_el8.10.0+3844+20e075e5 has date 2024-05-24 and can be found from the ‘kickstart’ subdir, so it must have been released with Alma 8.10 – way before the dates of these CVE and ALSA.

So @jlehtone @redadmin, the issue is now resolved.

Thank you for your support
