CVE-2025-46599

Summary

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing credentials.

Affected Software

VendorProductVersion RangeStatus
K3sK3s1.32 < 1.32.4-rc1+k3saffected

Weaknesses

  • CWE-1188: CWE-1188 Initialization of a Resource with an Insecure Default

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References