CVE-2025-1767

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/kubernetes/kubernetes/pull/130786
https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s
http://www.openwall.com/lists/oss-security/2025/03/13/9

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Esta CVE solo afecta a los clústeres de Kubernetes que utilizan el volumen gitRepo en el árbol para clonar repositorios git de otros pods dentro del mismo nodo. Dado que la función de volumen gitRepo en el árbol ha quedado obsoleta y no recibirá actualizaciones de seguridad, cualquier clúster que aún la utilice sigue siendo vulnerable.

13 Mar 2025, 21:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/03/13/9 -

13 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-13 17:15

Updated : 2026-06-17 08:39

NVD link : CVE-2025-1767

Mitre link : CVE-2025-1767

CVE.ORG link : CVE-2025-1767

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2025-1767", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-1767", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2025-03-13T19:21:24.589796Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "jordan@liggitt.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "affected": [{"source": "jordan@liggitt.net", "affectedData": [{"vendor": "Kubernetes", "product": "Kubelet", "versions": [{"status": "affected", "version": "<=v1.32.2"}], "defaultStatus": "unaffected"}]}], "published": "2025-03-13T17:15:36.437", "references": [{"url": "https://github.com/kubernetes/kubernetes/pull/130786", "source": "jordan@liggitt.net"}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s", "source": "jordan@liggitt.net"}, {"url": "http://www.openwall.com/lists/oss-security/2025/03/13/9", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "jordan@liggitt.net", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable."}, {"lang": "es", "value": "Esta CVE solo afecta a los cl\u00fasteres de Kubernetes que utilizan el volumen gitRepo en el \u00e1rbol para clonar repositorios git de otros pods dentro del mismo nodo. Dado que la funci\u00f3n de volumen gitRepo en el \u00e1rbol ha quedado obsoleta y no recibir\u00e1 actualizaciones de seguridad, cualquier cl\u00faster que a\u00fan la utilice sigue siendo vulnerable."}], "lastModified": "2026-06-17T08:39:44.560", "sourceIdentifier": "jordan@liggitt.net"}