CVE-2025-41240

Name of the Vulnerable Software and Affected Versions Bitnami Appsmith Helm chart (affected versions not specified) Bitnami WordPress Helm chart (affected versions not specified) Bitnami Drupal Helm chart (affected versions not specified)

Description The Helm charts for Bitnami Appsmith, WordPress, and Drupal mount Kubernetes Secrets under a predictable path within the web server document root. This can lead to unauthenticated access to sensitive credentials via HTTP/S. An attacker could retrieve these secrets by accessing specific URLs if the application is externally exposed. The issue affects deployments using the default value of usePasswordFiles=true, which mounts secrets as files into the container filesystem.

Recommendations For Bitnami Appsmith Helm chart: Ensure usePasswordFiles is set to false to prevent mounting secrets as files. For Bitnami WordPress Helm chart: Ensure usePasswordFiles is set to false to prevent mounting secrets as files. For Bitnami Drupal Helm chart: Ensure usePasswordFiles is set to false to prevent mounting secrets as files.