CVE-2025-7445

Summary

Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs.

Affected Software

VendorProductVersion RangeStatus
Kubernetessecrets-store-sync-controller0 < 0.0.2affected
Kubernetessecrets-store-sync-controller0.0.2unaffected

Weaknesses

  • CWE-532: CWE-532 Insertion of Sensitive Information into Log File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References