PT-2025-35146 · Unknown+1 · Mysql Server+3

Nobuto-M · Published 2025-08-28 · Updated 2025-08-29 · CVE-2025-58061

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenEBS versions prior to 0.10.0

Description

OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable, potentially allowing non-privileged users to access sensitive data. The rawfile-localpv storage class creates persistent volume data under /var/csi/rawfile/ on Kubernetes hosts by default, but the directory and data within it are world-readable. This could lead to a database breach if Kubernetes tenants are running databases like MySQL or PostgreSQL in containers.

Recommendations

Upgrade to version 0.10.0 or later.
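
A node-side check for the exposure described above, as an added example that is not part of the advisory or the OpenEBS project: it lists files and directories under the default /var/csi/rawfile path whose mode grants read to "other". The function names and the `--run` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a rawfile-localpv data directory for world-readable
# entries. The default path is the one named in the advisory text.

# Print every file or directory under $1 whose mode has the o+r bit set.
list_world_readable() {
    root=$1
    [ -d "$root" ] || return 2
    # -perm -0004 matches when "other" has read, whatever the remaining bits are.
    find "$root" \( -type f -o -type d \) -perm -0004 -print
}

# Exit status: 0 = nothing world-readable, 1 = findings, 2 = directory absent.
audit_rawfile_dir() {
    root=${1:-/var/csi/rawfile}
    if [ ! -d "$root" ]; then
        echo "skip: $root not present on this host" >&2
        return 2
    fi
    # Run as root on the node so find can descend into every volume directory;
    # a traversal error is shown on stderr and must not abort the audit.
    findings=$(list_world_readable "$root") || :
    if [ -n "$findings" ]; then
        echo "world-readable entries under $root:" >&2
        printf '%s\n' "$findings"
        return 1
    fi
    echo "ok: no world-readable entries under $root" >&2
    return 0
}

# Usage on a Kubernetes node: sh audit.sh --run [directory]
if [ "${1:-}" = "--run" ]; then
    audit_rawfile_dir "${2:-/var/csi/rawfile}"
fi
```

A non-zero result on a node still running a release prior to 0.10.0 matches the condition in the description; the recommendation above remains the fix.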

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-58061
GHSA-WH95-VW4R-XWX4

Affected Products

Kubernetes
Mysql Server
Openebs
Postgresql