PT-2025-22081 · Gardener · Gardener
Rfranzke · Published 2025-05-19 · Updated 2025-09-04
CVE-2025-47284
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Gardener versions prior to 1.116.4
Gardener versions prior to 1.117.5
Gardener versions prior to 1.118.2
Gardener versions prior to 1.119.0
Description:
A security issue was discovered in the gardenlet component of Gardener. This issue could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. The issue affects all Gardener installations where gardener/gardener-extension-provider-gcp is in use.
Recommendations:
For versions prior to 1.116.4, update to version 1.116.4 or later.
For versions prior to 1.117.5, update to version 1.117.5 or later.
For versions prior to 1.118.2, update to version 1.118.2 or later.
For versions prior to 1.119.0, update to version 1.119.0 or later.
Exploit
Fix
LPE
Affected Products
Gardener