CVE-2025-1767

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
kubernetesCNA
6.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kubernetes
oracular
not-affected
noble
not-affected
jammy
not-affected
focal
not-affected
Common Weakness Enumeration
References
https://github.com/kubernetes/kubernetes/pull/130786
https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s
http://www.openwall.com/lists/oss-security/2025/03/13/9