CVE-2025-41240

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets by accessing specific URLs if the application is exposed externally. The issue affects deployments using the default value of usePasswordFiles=true, which mounts secrets as files into the container filesystem.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/bitnami/charts/security/advisories/GHSA-wgg9-9qgw-529w

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Three Bitnami Helm charts montan secretos de Kubernetes en una ruta predecible (/opt/bitnami/*/secrets) ubicada en el root de documentos del servidor web. En las versiones afectadas, esto puede provocar acceso no autenticado a credenciales confidenciales mediante HTTP/S. Un atacante remoto podría obtener estos secretos accediendo a URL específicas si la aplicación está expuesta externamente. El problema afecta a las implementaciones que utilizan el valor predeterminado usePasswordFiles=true, que monta los secretos como archivos en el sistema de archivos del contenedor.

24 Jul 2025, 20:15

Type	Values Removed	Values Added
CWE		CWE-552

24 Jul 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-24 07:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-41240

Mitre link : CVE-2025-41240

CVE.ORG link : CVE-2025-41240

JSON object : View

Products Affected

No product.

CWE

CWE-552

Files or Directories Accessible to External Parties

10.0 /10