PT-2021-6816 · Unknown+2 · Kubernetes+1

John Howard · Published 2021-05-18 · Updated 2025-08-08 · CVE-2021-25737

CVSS v2.0: 4.9 Medium

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Kubernetes (affected versions not specified)
Description: A security issue in Kubernetes allows a remote attacker to redirect pod traffic to private networks on a Node, potentially accessing confidential data and compromising its integrity. The cause is missing validation of EndpointSlice IPs: addresses in the localhost or link-local range were already rejected for Endpoint IPs, but the same check was not performed on EndpointSlice IPs.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
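
The check described above, as an added example that is not part of the original advisory and is not Kubernetes' own validation code: it flags endpoint addresses in the localhost or link-local range, as one might when auditing existing EndpointSlice objects. The `Slice` and `Finding` types, the function names and the sample data are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Slice is a hypothetical stand-in for an EndpointSlice; Finding is one flagged address.
type Slice struct{ Name string; Addresses []string }
type Finding struct{ Slice, Address, Reason string }

// Sample is constructed data for illustration, not real cluster output.
var Sample = []Slice{
	{"web-abc12", []string{"10.244.1.7", "127.0.0.1"}},
	{"metrics-x9k2p", []string{"169.254.10.20", "fe80::1", "::ffff:127.0.0.1", "2001:db8::10"}},
}

// Classify returns why addr is disallowed, or "" if it is acceptable.
func Classify(addr string) string {
	ip, err := netip.ParseAddr(addr)
	if err != nil {
		return "unparseable"
	}
	ip = ip.Unmap() // treat IPv4-mapped IPv6 (::ffff:127.0.0.1) as IPv4
	switch {
	case ip.IsLoopback():
		return "loopback"
	case ip.IsLinkLocalUnicast(), ip.IsLinkLocalMulticast():
		return "link-local"
	}
	return ""
}

// Audit returns a finding for every disallowed address in the given slices.
func Audit(slices []Slice) []Finding {
	var out []Finding
	for _, s := range slices {
		for _, a := range s.Addresses {
			if r := Classify(a); r != "" {
				out = append(out, Finding{s.Name, a, r})
			}
		}
	}
	return out
}

func main() {
	fmt.Println(Audit(Sample))
}
```

The IPv4-mapped case is included because a check that only compares against 127.0.0.0/8 in IPv4 form would miss the same address written as IPv6.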

Weakness Enumeration

Incomplete List of Disallowed Inputs
Open Redirect

Related Identifiers

ALT-PU-2021-2101
ALT-PU-2022-1245
BDU:2022-02241
CVE-2021-25737
GHSA-MFV7-GQ43-W965
GO-2022-0908
OESA-2021-1373
OPENSUSE-SU-2025:15424-1
RHSA-2021:2437

Affected Products

Alt Linux
Kubernetes