CVE-2025-0426

A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/kubernetes/kubernetes/issues/130016
https://groups.google.com/g/kubernetes-security-announce/c/KiODfu8i6w8
http://www.openwall.com/lists/oss-security/2025/02/13/1

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema de seguridad en Kubernetes donde una gran cantidad de solicitudes de puntos de control de contenedor realizadas al endpoint HTTP de solo lectura de kubelet no autenticado pueden provocar una denegación de servicio de nodo al llenar el disco del nodo.

13 Feb 2025, 17:17

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/02/13/1 -

13 Feb 2025, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-13 16:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-0426

Mitre link : CVE-2025-0426

CVE.ORG link : CVE-2025-0426

JSON object : View

Products Affected

No product.

CWE

CWE-400

Uncontrolled Resource Consumption

6.2 /10