CVE-2025-47282

Name of the Vulnerable Software and Affected Versions: Gardener External DNS Management versions prior to 0.23.6 gardener/gardener-extension-shoot-dns-service extension versions <= v1.60.0

Description: A security issue was discovered in Gardener's External DNS Management that could allow a user with administrative privileges for a Gardener project or a shoot cluster to obtain control over the seed cluster. This issue affects all Gardener installations, regardless of the public cloud provider used. The affected component is gardener/external-dns-management. The external-dns-management component may also be deployed on the seeds by the gardener/gardener-extension-shoot-dns-service extension.

Recommendations: For Gardener External DNS Management versions prior to 0.23.6, update to version 0.23.6 to fix the issue. For gardener/gardener-extension-shoot-dns-service extension versions <= v1.60.0, update to a version greater than v1.60.0 to fix the issue. As a temporary workaround, consider restricting access to the gardener/external-dns-management component and the gardener/gardener-extension-shoot-dns-service extension until a patch is applied.