NVD Vulnerability Details: CVE-2025-62714
Awaiting Analysis
Source: security-advisories@github.com
Published At: 24 Oct, 2025 | 16:28
Updated At: 27 Oct, 2025 | 13:20

Karmada Dashboard is a general-purpose, web-based control panel for Karmada, which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints (e.g., /api/v1/secret, /api/v1/service) did not enforce authentication, allowing unauthenticated users to access sensitive cluster information such as Secrets and Services directly. Although the web UI required a valid JWT for access, the API itself remained exposed to direct requests without any authentication checks. Any user or entity with network access to the Karmada Dashboard service could exploit this vulnerability to retrieve sensitive data.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches

Weaknesses
CWE ID: CWE-862
Type: Primary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
Hyperlink: https://github.com/karmada-io/dashboard/commit/8457b8bb87725e2371a638ca5a255fd2895c70f1
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/karmada-io/dashboard/commit/d2d04909f25e96b4c20fa6b636c398bd1636ee06
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/karmada-io/dashboard/pull/271
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/karmada-io/dashboard/pull/280
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/karmada-io/dashboard/releases/tag/v0.2.0
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/karmada-io/dashboard/security/advisories/GHSA-5qjg-9mjh-4r92
Source: security-advisories@github.com
Resource: N/A
Change History
0 changes found