Byte Open Security (ByteOS Network)
Vulnerability Details: CVE-2025-13281

Summary
Assigner: kubernetes
Assigner Org ID: a6081bf6-c852-4425-ad4f-a67919267565
Published At: 14 Dec, 2025 | 21:27
Updated At: 15 Dec, 2025 | 16:26

Portworx Half-Blind SSRF in kube-controller-manager

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Common Vulnerabilities and Exposures (CVE), cve.org
CVE Numbering Authority (CNA)
Affected Products
Vendor: Kubernetes
Product: Kubernetes
Default Status: unaffected
Affected Versions:
  • From v1.30.0 through v1.30.14 (custom)
  • From v1.31.0 through v1.31.14 (custom)
  • From v1.32.0 through v1.32.9 (custom)
  • From v1.33.0 through v1.33.5 (custom)
  • From v1.34.0 through v1.34.1 (custom)
Problem Types
CWE-918: Server-Side Request Forgery (SSRF)
Metrics
CVSS 3.1 base score: 5.8 (MEDIUM)
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
(Attack Vector: Network; Attack Complexity: High; Privileges Required: High; User Interaction: None; Scope: Changed; Confidentiality: High; Integrity: None; Availability: None)
Impacts
CAPEC-664: Server Side Request Forgery
Solutions

To mitigate this vulnerability, upgrade Kubernetes to a release outside the affected ranges listed above, or enable the CSIMigrationPortworx feature gate so that Portworx volume operations are routed to the Portworx CSI driver instead of the in-tree plugin.

References
  • https://github.com/kubernetes/kubernetes/issues/135525 (issue-tracking)
  • https://groups.google.com/g/kubernetes-security-announce/c/EORqZg0k1l4/m/TtD-q0v7AgAJ (mailing-list)
Authorized Data Publishers (ADP)
1. CVE Program Container
References
  • http://www.openwall.com/lists/oss-security/2025/12/01/4
2. CISA ADP Vulnrichment
Information is not available yet
National Vulnerability Database (NVD), nvd.nist.gov
Source: jordan@liggitt.net
Published At: 14 Dec, 2025 | 22:15
Updated At: 15 Dec, 2025 | 18:22

CISA Catalog: no entry (Date Added, Due Date, Vulnerability Name and Required Action are all N/A)
Metrics
Type: Secondary; CVSS 3.1 base score: 5.8 (MEDIUM)
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Weaknesses
CWE-918 (Type: Secondary; Source: jordan@liggitt.net)
References
  • https://github.com/kubernetes/kubernetes/issues/135525 (Source: jordan@liggitt.net)
  • https://groups.google.com/g/kubernetes-security-announce/c/EORqZg0k1l4/m/TtD-q0v7AgAJ (Source: jordan@liggitt.net)
  • http://www.openwall.com/lists/oss-security/2025/12/01/4 (Source: af854a3a-2127-422b-91ae-364da2661108)


Similar CVEs (4 records found)

CVE-2021-25736
Matching Score: 8
Assigner: Kubernetes
CVSS Score: 5.8 (MEDIUM)
EPSS: 0.09% / 25.00% (7 day change ~0.00%)
Published: 30 Oct, 2023 | 02:19
Updated: 12 Jun, 2025 | 15:15
Windows kube-proxy LoadBalancer contention

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.

Vendors: Microsoft Corporation, Kubernetes
Products: kubernetes, windows; Kubernetes
CWE ID: CWE-114 Process Control
CVE-2020-8568
Matching Score: 8
Assigner: Kubernetes
CVSS Score: 5.8 (MEDIUM)
EPSS: 0.45% / 63.79% (7 day change ~0.00%)
Published: 21 Jan, 2021 | 17:09
Updated: 17 Sep, 2024 | 03:28
Kubernetes Secrets Store CSI Driver sync/rotate directory traversal

Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under /var/lib/kubelet/pods that contain other Kubernetes Secrets.

Vendor: Kubernetes
Product: secrets_store_csi_driver; Kubernetes Secrets Store CSI Driver
CWE IDs:
  • CWE-20 Improper Input Validation
  • CWE-24 Path Traversal: '../filedir'
  • CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-3172
Matching Score: 6
Assigner: Kubernetes
CVSS Score: 5.1 (MEDIUM)
EPSS: 3.08% / 86.92% (7 day change +0.26%)
Published: 03 Nov, 2023 | 18:11
Updated: 13 Feb, 2025 | 17:15
Kubernetes - API server - Aggregated API server can cause clients to be redirected (SSRF)

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

Vendor: Kubernetes
Product: apiserver; kube-apiserver
CWE ID: CWE-918 Server-Side Request Forgery (SSRF)
CVE-2020-8555
Matching Score: 6
Assigner: Kubernetes
CVSS Score: 6.3 (MEDIUM)
EPSS: 8.75% / 92.58% (7 day change ~0.00%)
Published: 04 Jun, 2020 | 21:50
Updated: 16 Sep, 2024 | 18:39
Kubernetes kube-controller-manager SSRF

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 is vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).

Vendors: Fedora Project, Kubernetes
Products: kubernetes, fedora; Kubernetes
CWE ID: CWE-918 Server-Side Request Forgery (SSRF)