CVE-2025-0426

Summary

A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.

Affected Software

VendorProductVersion RangeStatus
Kuberneteskubelet1.32.0 <= 1.32.1affected
Kuberneteskubelet1.31.0 <= 1.31.5affected
Kuberneteskubelet1.30.0 <= 1.30.9affected
Kuberneteskubelet1.32.2unaffected
Kuberneteskubelet1.31.6unaffected
Kuberneteskubelet1.30.10unaffected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References