PT-2025-36106 · Unknown · Kubernetes Secrets-Store-Sync-Controller

Kas Dekel

Published

2025-09-05

Updated

2025-09-05

CVE-2025-7445

CVSS v3.1

6.5

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

Kubernetes secrets-store-sync-controller versions prior to 0.0.2

Description:

The Kubernetes `secrets-store-sync-controller` discloses service account tokens in logs.

Recommendations:

Update to version 0.0.2 or later.

Fix

Insertion into Log File

Weakness Enumeration

CVE-2025-7445

Kubernetes Secrets-Store-Sync-Controller