PT-2025-17879 · Cncf · K3S

F1Vet · Published 2025-04-25 · Updated 2025-05-08 · CVE-2025-46599

CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: CNCF K3s versions 1.32 through 1.32.4-rc1+k3s1

Description: The issue arises from a Kubernetes kubelet configuration change which, in certain situations, sets ReadOnlyPort to 10255. This could allow unauthenticated access to this port, exposing credentials, particularly under the default K3s online installation behavior.

Recommendations: For CNCF K3s versions 1.32 through 1.32.4-rc1+k3s1, update to version 1.32.4-rc1+k3s1 or later to resolve the issue. As a temporary workaround, restrict access to port 10255 to minimize the risk of exploitation.

Related Identifiers

CVE-2025-46599
GHSA-864F-7XJM-2JP2
GO-2025-3646
OPENSUSE-SU-2025:15059-1

Affected Products

K3S