PT-2025-26210 · Unknown+2 · Kubernetes+1

Amitschendel

Published

2025-06-19

Updated

2025-08-04

CVE-2025-4563

CVSS v3.1

2.7

Low

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions kube-apiserver versions 1.32.0 through 1.32.5 kube-apiserver versions 1.33.0 through 1.33.1

Description The issue allows a compromised node to create mirror pods, accessing unauthorized dynamic resources, potentially leading to privilege escalation. This occurs when using the DynamicResourceAllocation feature gate.

Recommendations For kube-apiserver versions 1.32.0 through 1.32.5, update to version 1.32.6 or later. For kube-apiserver versions 1.33.0 through 1.33.1, update to version 1.33.2 or later. As a temporary mitigation measure, consider disabling the DynamicResourceAllocation feature gate until a patch is available.

Fix

LPE

Incorrect Authorization

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-20

Related Identifiers

ALT-PU-2025-8449

ALT-PU-2025-8450

ALT-PU-2025-9445

ALT-PU-2025-9447

AZL-64304

CVE-2025-4563

GHSA-HJ2P-8WJ8-PFQ4

GO-2025-3774

OPENSUSE-SU-2025:15405-1

Affected Products

Alt Linux

Kubernetes

PT-2025-26210 · Unknown+2 · Kubernetes+1

CVE-2025-4563

Weakness Enumeration

Related Identifiers

Affected Products

References · 93