CVE-2025-59303

Name of the Vulnerable Software and Affected Versions HAProxy Kubernetes Ingress Controller versions prior to 3.1.13 HAProxy Enterprise Kubernetes Ingress Controller versions prior to 3.0.16-ee1 HAProxy Enterprise Kubernetes Ingress Controller versions prior to 1.11.13-ee1 HAProxy Enterprise Kubernetes Ingress Controller versions prior to 1.9.15-ee1

Description The HAProxy Kubernetes Ingress Controller allows users with create or update permissions to submit config snippets. When the config-snippets feature flag is enabled, this can lead to obtaining an ingress token secret as a response. The issue occurs due to the acceptance of user-provided configuration snippets.

Recommendations Update HAProxy Kubernetes Ingress Controller to version 3.1.13 or later. Update HAProxy Enterprise Kubernetes Ingress Controller to version 3.0.16-ee1 or later. Update HAProxy Enterprise Kubernetes Ingress Controller to version 1.11.13-ee1 or later. Update HAProxy Enterprise Kubernetes Ingress Controller to version 1.9.15-ee1 or later.