CVE-2025-13281

Published Dec 14, 2025

Last updated 3 months ago

CVSS medium 5.8
Container Security

Overview

Description
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
Source
jordan@liggitt.net
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.8
Impact score
4
Exploitability score
1.3
Vector string
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

jordan@liggitt.net
CWE-918

Social media

Hype score
Not currently trending

  1. CVE-2025-13281 A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allow… https://t.co/rNdGaSGvf7

    @CVEnew

    15 Dec 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-13281 Kubernetes kube-controller-manager Half-Blind SSRF Vulnerability in Portworx StorageClass https://t.co/vgBxPLCZCQ

    @VulmonFeeds

    14 Dec 2025

    66 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-13281: Portworx Half-Blind SSRF in kube-controller-manager - https://t.co/RqDZoZLBhx

    @K8sContributors

    2 Dec 2025

    723 Impressions

    0 Retweets

    3 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)CVE-2025-15566
  2. A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the `auth-url` annotation may be accessed even when authentication fails. Note that the built-in custom-errors backend works correctly. To trigger this issue requires an administrator to specifically configure ingress-nginx with a broken external component.CVE-2026-24513
  3. A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.CVE-2026-24514
  4. A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)CVE-2026-1580
  5. A security issue was discovered in ingress-nginx cthe `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)CVE-2026-24512

References

Sources include official advisories and independent security research.