Main Vulnerability Database SB2025101707

SB2025101707 - Race condition in Kubernetes Kubernetes

Published: October 17, 2025

Security Bulletin ID SB2025101707

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Race condition (CVE-ID: CVE-2024-7598)

The vulnerability allows an adjacent attacker to escalate privileges on the system.

The vulnerability exists due to a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. An adjacent attacker can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://github.com/kubernetes/kubernetes/issues/126587
https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc
http://www.openwall.com/lists/oss-security/2025/03/20/2