Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-46599

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing credentials.

Published

2025-04-25T05:15:33.330

Last Modified

2025-04-29T13:52:28.490

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-1188

Affected Vendors & Products

References

https://cloud.google.com/kubernetes-engine/docs/how-to/disable-kubelet-readonly-port ([email protected])
https://github.com/f1veT/BUG/issues/2 ([email protected])
https://github.com/k3s-io/k3s/commit/097b63e588e3c844cdf9b967bcd0a69f4fc0aa0a ([email protected])
https://github.com/k3s-io/k3s/compare/v1.32.3+k3s1...v1.32.4-rc1+k3s1 ([email protected])
https://github.com/k3s-io/k3s/issues/12164 ([email protected])