Fedora 43 update for kubernetes1.32



Risk: Medium
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: CVE-2025-47910, CVE-2025-47906, CVE-2025-58189, CVE-2025-61725, CVE-2025-61723, CVE-2025-58185, CVE-2025-58188, CVE-2025-58183
CWE-ID: CWE-693, CWE-20, CWE-116, CWE-400
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
Fedora (Operating systems & Components / Operating system)
kubernetes1.32 (Operating systems & Components / Operating system package or component)
Vendor: Fedoraproject

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Protection Mechanism Failure

EUVDB-ID: #VU116686

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-47910

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in http.CrossOriginProtection. The AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. An attacker can bypass implemented security restrictions.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

kubernetes1.32: before 1.32.10-2.fc43

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-00368e9022


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU114079

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-47906

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of the PATH environment variable in LookPath. A local user can pass specially crafted strings to the application and execute arbitrary OS commands with elevated privileges. 

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

kubernetes1.32: before 1.32.10-2.fc43

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-00368e9022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Encoding or Escaping of Output

EUVDB-ID: #VU118183

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-58189

CWE-ID: CWE-116 - Improper Encoding or Escaping of Output

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attacks.

The vulnerability exists due to missing sanitization of input data when the Conn.Handshake fails during ALPN negotiation in crypto/tls. A remote attacker can pass specially crafted input via an error message and influence the application behavior, leading to a potential spoofing attack. 

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

kubernetes1.32: before 1.32.10-2.fc43

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-00368e9022


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource exhaustion

EUVDB-ID: #VU118179

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-61725

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the ParseAddress function in net/mail does not properly control consumption of internal resources. A remote attacker can compose a specially crafted email message that triggers excessive CPU consumption, leading to denial of service.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

kubernetes1.32: before 1.32.10-2.fc43

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-00368e9022


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource exhaustion

EUVDB-ID: #VU118184

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-61723

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in encoding/pem because the application does not properly control consumption of internal resources when parsing untrusted PEM input. A remote attacker can trigger CPU exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

kubernetes1.32: before 1.32.10-2.fc43

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-00368e9022


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource exhaustion

EUVDB-ID: #VU118187

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-58185

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in encoding/asn1 because the application does not properly control consumption of internal resources when parsing DER payloads. A remote attacker can trigger memory exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

kubernetes1.32: before 1.32.10-2.fc43

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-00368e9022


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU118189

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-58188

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in crypto/x509 due to an error when validating certificate chains that contain DSA public keys. A remote attacker can pass a specially crafted certificate to the application and crash it.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

kubernetes1.32: before 1.32.10-2.fc43

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-00368e9022


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource exhaustion

EUVDB-ID: #VU118190

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-58183

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in archive/tar because tar.Reader does not set a maximum on the number of sparse-region data blocks in GNU tar pax 1.0 sparse files. A remote attacker can pass a specially crafted archive to the application and perform a denial of service (DoS) attack.
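Items 5, 6 and 8 share one failure mode: a Go standard-library parser (encoding/pem, encoding/asn1, archive/tar) is handed untrusted input with no bound on how much work it may do. Installing the fixed package is the mitigation this bulletin gives; the added example below is not code from the bulletin or from the Kubernetes project, it is a defence-in-depth pattern an application author can apply regardless of the Go version: cap the size of untrusted input before it reaches the parser, and cap the number of archive entries while walking a tar stream. The helper names (ReadBounded, DecodePEMBounded, ListTarBounded) and the sample PEM block and tar archive are constructed for this example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"encoding/pem"
	"errors"
	"fmt"
	"io"
)

// ErrInputTooLarge signals that untrusted input exceeded the configured cap
// before it ever reached the parser.
var ErrInputTooLarge = errors.New("untrusted input exceeds size limit")

// ErrTooManyEntries signals that a tar archive carried more entries than allowed.
var ErrTooManyEntries = errors.New("tar archive exceeds entry limit")

// ReadBounded reads at most maxBytes from r. It asks for one extra byte so an
// input exactly at the limit is accepted while anything larger is rejected
// without being buffered in full.
func ReadBounded(r io.Reader, maxBytes int64) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(r, maxBytes+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > maxBytes {
		return nil, ErrInputTooLarge
	}
	return data, nil
}

// DecodePEMBounded caps the input size before handing it to encoding/pem, so a
// parser whose CPU cost grows with the input has a bounded budget.
func DecodePEMBounded(r io.Reader, maxBytes int64) (*pem.Block, error) {
	data, err := ReadBounded(r, maxBytes)
	if err != nil {
		return nil, err
	}
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, errors.New("no PEM block found in input")
	}
	return block, nil
}

// ListTarBounded caps both the archive size (before parsing) and the number of
// entries (while archive/tar walks the headers) and returns the entry names.
func ListTarBounded(r io.Reader, maxBytes int64, maxEntries int) ([]string, error) {
	data, err := ReadBounded(r, maxBytes)
	if err != nil {
		return nil, err
	}
	tr := tar.NewReader(bytes.NewReader(data))
	var names []string
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			break
		}
		if err != nil {
			return nil, err
		}
		if len(names) >= maxEntries {
			return nil, ErrTooManyEntries
		}
		names = append(names, hdr.Name)
	}
	return names, nil
}

// SamplePEM is a constructed PEM block (not a real certificate) used as input.
func SamplePEM() []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: []byte("constructed-sample")})
}

// SampleTar builds a small constructed archive with two regular files.
func SampleTar() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, f := range []struct{ name, body string }{{"a.txt", "alpha"}, {"b.txt", "bravo"}} {
		hdr := &tar.Header{Name: f.name, Mode: 0o644, Size: int64(len(f.body)), Typeflag: tar.TypeReg}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write([]byte(f.body)); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	block, err := DecodePEMBounded(bytes.NewReader(SamplePEM()), 4096)
	fmt.Println("pem within limit:", block != nil, err)
	_, err = DecodePEMBounded(bytes.NewReader(SamplePEM()), 16)
	fmt.Println("pem over limit:", err)
	names, err := ListTarBounded(bytes.NewReader(SampleTar()), 1<<20, 100)
	fmt.Println("tar entries:", names, err)
	_, err = ListTarBounded(bytes.NewReader(SampleTar()), 1<<20, 1)
	fmt.Println("tar too many entries:", err)
}
```

The limits are enforced outside the parser, so they hold even on a Go toolchain that still carries the library defects listed here; choose maxBytes from what the application legitimately expects (a certificate bundle is kilobytes, not megabytes) and treat ErrInputTooLarge and ErrTooManyEntries as events worth logging, since repeated hits from one client are a detection signal.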

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

kubernetes1.32: before 1.32.10-2.fc43

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-00368e9022


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


