CVE-2025-47282

Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. The affected component is `gardener/external-dns-management`. The `external-dns-management` component may also be deployed on the seeds by the `gardener/gardener-extension-shoot-dns-service` extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `<= v1.60.0` are affected by this vulnerability. Version 0.23.6 of Gardener External DNS Management fixes the issue.

CVSS v3 9.9 CRITICAL

9.9^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/gardener/external-dns-management/security/advisories/GHSA-xwgg-m7fx-83wx

Configurations

No configuration.

History

21 May 2025, 20:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-19 18:15

Updated : 2025-05-21 20:25

NVD link : CVE-2025-47282

Mitre link : CVE-2025-47282

CVE.ORG link : CVE-2025-47282

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2025-47282", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2025-05-19T18:15:30.827", "references": [{"url": "https://github.com/gardener/external-dns-management/security/advisories/GHSA-xwgg-m7fx-83wx", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. The affected component is `gardener/external-dns-management`. The `external-dns-management` component may also be deployed on the seeds by the `gardener/gardener-extension-shoot-dns-service` extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `<= v1.60.0` are affected by this vulnerability. Version 0.23.6 of Gardener External DNS Management fixes the issue."}, {"lang": "es", "value": "Gardener External DNS Management es un entorno para administrar entradas DNS externas en un cl\u00faster de Kubernetes. Se descubri\u00f3 una vulnerabilidad de seguridad en la Administraci\u00f3n de DNS Externa de Gardener anterior a la versi\u00f3n 0.23.6 que podr\u00eda permitir que un usuario con privilegios administrativos para un proyecto de Gardener o para un cl\u00faster de brotes, incluyendo privilegios administrativos para un \u00fanico espacio de nombres del cl\u00faster de brotes, obtuviera control sobre el cl\u00faster de semillas donde se administra dicho cl\u00faster. Esta CVE afecta a todas las instalaciones de Gardener, independientemente del proveedor de nube p\u00fablica utilizado para los cl\u00fasteres de semillas/brotes. El componente afectado es `gardener/external-dns-management`. El componente `external-dns-management` tambi\u00e9n puede implementarse en las semillas mediante la extensi\u00f3n `gardener/gardener-extension-shoot-dns-service` cuando esta est\u00e1 habilitada. En este caso, todas las versiones de la extensi\u00f3n `shoot-dns-service` <= v1.60.0` se ven afectadas por esta vulnerabilidad. La versi\u00f3n 0.23.6 de Gardener External DNS Management soluciona el problema."}], "lastModified": "2025-05-21T20:25:16.407", "sourceIdentifier": "security-advisories@github.com"}