CVE-2025-46599

April 25, 2025, 5:15 a.m.

6.8
Medium

Description

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing credentials.

Product(s) Impacted

Vendor Product Versions
Cncf
  • K3s
  • 1.32.*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1188
Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a cncf k3s 1.32.* / / / / / / /

References

https://cloud.google.com/kubernetes-engine/docs/how-to/disable-kubelet-readonly-port
https://github.com/f1veT/BUG/issues/2
https://github.com/k3s-io/k3s/commit/097b63e588e3c844cdf9b967bcd0a69f4fc0aa0a
https://github.com/k3s-io/k3s/compare/v1.32.3+k3s1...v1.32.4-rc1+k3s1
https://github.com/k3s-io/k3s/issues/12164

Tags

cve@mitre.org
CWE-1188
2025-04-25
CVE-2025-46599

CVSS Score

6.8 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

    View Vector String

Timeline

Published: April 25, 2025, 5:15 a.m.
Last Modified: April 25, 2025, 5:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.