CVE-2025-55205

CVSS v3.1

9.0

Critical

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Capsule versions prior to 0.10.4

Description: Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection issue in earlier versions allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system). This bypasses multi-tenant isolation and potentially enables access to cross-tenant resources through TenantResource selectors, leading to privilege escalation and violating Capsule’s security boundaries.

Recommendations: Upgrade to version 0.10.4.

Exploit

Fix

LPE

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2025-55205

GHSA-FCPM-6MXQ-M5VV

GO-2025-3893

Affected Products

Capsule

CVE-2025-55205

Weakness Enumeration

Related Identifiers

Affected Products

References · 19