AI description
CVE-2025-9708 is a vulnerability found in the Kubernetes C# client. The vulnerability stems from the certificate validation logic, which doesn't properly verify the trust chain when using custom Certificate Authorities (CA). This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation. This can occur if the Kubernetes C# client connects to a Kubernetes API server over TLS/HTTPS with custom CA certificates in the kubeconfig file, especially over an untrusted network. All versions prior to v17.0.14 are affected.
- Description
- A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.
- Source
- jordan@liggitt.net
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.8
- Impact score
- 5.2
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
- Severity
- MEDIUM
- jordan@liggitt.net
- CWE-295
- Hype score
- Not currently trending
Kubernetes C# Client Vulnerability (CVE-2025-9708) https://t.co/WbZaDam3Dm #vulnerability #kubernetes
@CyberDigests
17 Sept 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-9708: Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks - https://t.co/O6PPHj0BtP
@kubernetesio
16 Sept 2025
6177 Impressions
8 Retweets
26 Likes
5 Bookmarks
0 Replies
0 Quotes