Security Advisory

CVE-2025-13281

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-14 21:27:34

Last updated 2025-12-15 16:26:59

Assigner kubernetes

State PUBLISHED

Description

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

← Browse all CVEs View on cve.org ↗