Red Hat has long been at the forefront of the open source community, proactively identifying, collaborating on and resolving Common Vulnerabilities and Exposures (CVEs) that impact not only our customers, but the entire ecosystem at large. While these efforts are targeted at addressing the most significant potential exploits in the components of our open source platforms, customers in highly-regulated industries such as finance, government, healthcare and telecommunications face stringent security and compliance standards. For select workloads, this can extend past patching Important and Critical CVEs to lesser severity exploits. When CVEs do arise, they are typically last-minute and increase in risk the longer they are left at bay.
Our commitment extends beyond addressing only the most severe potential exploits. In today's rapidly evolving technology landscape, particularly with the increasing adoption of enterprise AI workloads across hybrid cloud environments, the importance of choice and a resilient foundation is paramount. Red Hat understands this need, empowering our customers to innovate on a more secure and durable operating system that can adapt to both traditional and emerging challenges.
To directly address these evolving security and compliance demands, Red Hat is introducing a powerful two-part strategy. First, for Red Hat Enterprise Linux (RHEL), we are expanding Extended Update Support (EUS) and Extended Life Cycle Support (ELS) coverage of CVEs to include those with a CVSS score of 7.0 or higher, regardless of Red Hat’s internal severity classification. Secondly, we are introducing RHEL Security Select Add-On, providing customers with greater flexibility to address the dynamic security requirements of today’s operational climate.
Available as a starter 10-pack add-on for CVE fixes with the flexibility to purchase additional ones incrementally, this offering enables organizations to obtain fixes for CVEs associated with their ELS or EEUS/EUS add-ons upon request. The RHEL Security Select Add-On will be available in Q3 CY 2025 for customers with premium RHEL subscriptions and will be valid for one year, aligning with the subscription's annual renewal cycle.
Security and trust remain foundational to RHEL. With the advanced capabilities of RHEL 10, coupled with this more comprehensive patching approach through expanded coverage and the optional RHEL Security Select Add-On, Red Hat is empowering customers to not only safeguard but also optimize their current IT initiatives for the innovations of the future.
About the author
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies.
Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.
Browse by channel
Automation
The latest on IT automation for tech, teams, and environments
Artificial intelligence
Updates on the platforms that free customers to run AI workloads anywhere
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
The latest on how we reduce risks across environments and technologies
Edge computing
Updates on the platforms that simplify operations at the edge
Infrastructure
The latest on the world’s leading enterprise Linux platform
Applications
Inside our solutions to the toughest application challenges
Virtualization
The future of enterprise virtualization for your workloads on-premise or across clouds
