CVE-2025-47282

Published May 19, 2025

Last updated 2 months ago

CVSS critical 9.9

Overview

Description
Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. The affected component is `gardener/external-dns-management`. The `external-dns-management` component may also be deployed on the seeds by the `gardener/gardener-extension-shoot-dns-service` extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `<= v1.60.0` are affected by this vulnerability. Version 0.23.6 of Gardener External DNS Management fixes the issue.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.0

Type
Secondary
Base score
9.9
Impact score
6
Exploitability score
3.1
Vector string
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-20

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-47282 in Gardener poses a privilege escalation risk. Update to the patched versions to secure your Kubernetes clusters.🔧 Read more: https://t.co/rKydoIZubR #PrivilegeEscalation #KubernetesSecurity #CyberSecurity #Vulert #PatchNow 🛡️ https://t.co/2iUZyhm8kD

    @vulert_official

    20 May 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-47282 Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's Exte… https://t.co/wr3RkeMegz

    @CVEnew

    19 May 2025

    675 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [CVE-2025-47282: CRITICAL] A security vulnerability found in Gardener External DNS Management (prior to v0.23.6) allows users to gain unauthorized control over seed clusters - fixed in v0.23.6.#cve,CVE-2025-47282,#cybersecurity https://t.co/JTIQbV7Emv https://t.co/1A7ouH2Rbx

    @CveFindCom

    19 May 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.