Upgrade stdlib:go in images to remediate vulnerability to CVE-2025-22871

[urfin78]

Currently the Cloudguard Image scanner detects its own images with stdlib:go 1.23.5 as vulnerable to CVE-2025-22871:

quay.io/checkpoint/consec-imagescan-daemon:2.40
quay.io/checkpoint/consec-imagescan-engine:2.40
quay.io/checkpoint/consec-imagescan-shim:2.40

Please update the images with a fixed version.

Regards,
Thomas

[chkp-rigor]

Hi @urfin78 ,
Thanks for reporting this. I see both CVE-2025-22871 and CVE-2025-22866 were checked in the past and found not relevant (and thus not exploitable) for these agents. Apparently this version 2.40 was missed for the exclusions, we will handle it.

Thanks,
Igor

[chkp-rigor]

Hi @urfin78,
I can update that these 2 CVEs were handled for Image Assurance agents 2.40.
I assume you saw these Findings for K8s images in your clusters. Since we re-scan images once a week it may take up to a week till you see this being updated. You can also trigger re-scan manually for each image via CloudGuard portal.
Regards,
Igor