Security Advisory

CVE-2025-48710

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-04 05:50:48

Last updated 2025-06-04 13:23:37

Assigner mitre

State PUBLISHED

Description

kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kros controllers deploy and run attacker-controlled images, resulting in unauthenticated remote code execution on cluster nodes.

← Browse all CVEs View on cve.org ↗