CVE-2025-13281

Name
CVE-2025-13281
Description
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
NVD Severity
medium

References

Type URI
issue-tracking https://github.com/kubernetes/kubernetes/issues/135525
mailing-list https://groups.google.com/g/kubernetes-security-announce/c/EORqZg0k1l4/m/TtD-q0v7AgAJ
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2025/12/01/4

Match rules

CPE URI Source package Min version Max version
kubernetes == v1.30.0 == None
kubernetes == v1.31.0 == None
kubernetes == v1.32.0 == None
kubernetes == v1.33.0 == None
kubernetes == v1.34.0 == None

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
kubernetes edge-community 1.35.0-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.35.0-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.34.3-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.34.3-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.34.2-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.34.2-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.34.1-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.33.4-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.33.4-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.33.4-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.33.3-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.33.2-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.33.2-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.33.2-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.33.1-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.33.1-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.32.2-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.32.2-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.32.2-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.32.2-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.32.1-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.32.1-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.32.0-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.32.0-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes edge-community 1.31.3-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes 3.23-community 1.34.2-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes 3.23-community 1.34.2-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes 3.23-community 1.34.2-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes 3.22-community 1.33.1-r4 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes 3.22-community 1.33.1-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes 3.22-community 1.33.1-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes 3.22-community 1.33.1-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
kubernetes 3.22-community 1.31.5-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable