Skip to main content

Kubernetes CVE-2025-29778

MEDIUM
Improper Authorization (CWE-285)
2025-03-24 security-advisories@github.com
Authentication Bypass Kubernetes Kyverno Suse
5.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.8 MEDIUM
AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Analysis Generated
Mar 28, 2026 - 18:33 vuln.today
Patch released
Mar 28, 2026 - 18:33 nvd
Patch available
PoC Detected
Aug 01, 2025 - 13:10 vuln.today
Public exploit code
CVE Published
Mar 24, 2025 - 17:15 nvd
MEDIUM 5.8

DescriptionGitHub Advisory

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.

AnalysisAI

Kyverno is a policy engine designed for cloud native platform engineering teams. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-285. Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue. Affected products include: Kyverno. Version information: version 1.14.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More from same product – last 7 days

CVE-2026-50563 CRITICAL
9.9 Jun 10

Privilege escalation in Fission (Kubernetes-native serverless framework) prior to version 1.24.0 allows a tenant with Fu
CVE-2026-50566 CRITICAL
9.9 Jun 10

Privilege escalation in Fission prior to version 1.24.0 allows a tenant holding environments.fission.io create/update RB
CVE-2026-50545 CRITICAL
9.9 Jun 10

Privilege escalation in Fission prior to 1.24.0 allows an authenticated user with permission to create or modify Environ
CVE-2026-50564 CRITICAL
9.9 Jun 10

Privilege escalation in Fission (Kubernetes-native serverless framework) prior to version 1.24.0 allows a tenant with En
CVE-2026-49824 HIGH
8.5 Jun 10

Cross-namespace access control bypass in Fission (Kubernetes-native serverless framework) prior to 1.24.0 allows an auth

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Server 16.0 Fixed
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Server 16.1 Fixed
SUSE Linux Enterprise Server for SAP applications 16.1 Fixed

Share

CVE-2025-29778 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy