SB2025101707 - Race condition in Kubernetes Kubernetes



SB2025101707 - Race condition in Kubernetes Kubernetes

Published: October 17, 2025

Security Bulletin ID SB2025101707
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Adjecent network
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Race condition (CVE-ID: CVE-2024-7598)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows an adjacent attacker to escalate privileges on the system.

The vulnerability exists due to a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. An adjacent attacker can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


Remediation

Install update from vendor's website.