PT-2025-22074 · Gardener · Gardener

Rfranzke · Published 2025-05-19 · Updated 2026-02-06 · CVE-2025-47283

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Gardener versions prior to 1.116.4; Gardener versions prior to 1.117.5; Gardener versions prior to 1.118.2; Gardener versions prior to 1.119.0.
Description: A security issue was discovered in Gardener that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. The affected component is gardener/gardener (gardenlet). This issue affects all Gardener installations, regardless of the public cloud provider(s) used for the seed clusters/shoot clusters.
Recommendations: For versions prior to 1.116.4, update to version 1.116.4 or later. For versions prior to 1.117.5, update to version 1.117.5 or later. For versions prior to 1.118.2, update to version 1.118.2 or later. For versions prior to 1.119.0, update to version 1.119.0 or later.

Exploit · Fix · Improper Privilege Management · RCE

Related Identifiers

CVE-2025-47283
GHSA-3HW7-QJ9H-R835
GO-2025-3696
OPENSUSE-SU-2025:15159-1

Affected Products

Gardener