CVE-2025-41240

Summary

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets by accessing specific URLs if the application is exposed externally. The issue affects deployments using the default value of usePasswordFiles=true, which mounts secrets as files into the container filesystem.

Affected Software

VendorProductVersion RangeStatus
VMwarebitnamicharts/appsmith21.2.0 <= 22.0.4affected
VMwarebitnamicharts/drupal5.2.0 < 6.0.19affected
VMwarebitnamicharts/wordpress24.2.0 < 25.0.4affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References