CVE-2025-47283

Published May 19, 2025

Last updated a month ago

CVSS critical 9.9

Overview

Description
Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. `gardener/gardener` (`gardenlet`) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.0

Type
Secondary
Base score
9.9
Impact score
6
Exploitability score
3.1
Vector string
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-20

Social media

Hype score
Not currently trending

  1. [CVE-2025-47283: CRITICAL] Security vulnerability in Gardener versions before 1.116.4, 1.117.5, 1.118.2, and 1.119.0 lets admins gain control over Kubernetes clusters. Update to secure your system.#cve,CVE-2025-47283,#cybersecurity https://t.co/BKUEaW0Luw https://t.co/dD0unjmOSz

    @CveFindCom

    19 May 2025

    31 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.