Main Vulnerability Database Vulnerabilities #VU116686

#VU116686 Protection Mechanism Failure in Aws-iam-authenticator - CVE-2025-47910

Published: October 7, 2025

Vulnerability identifier: #VU116686

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-47910

CWE-ID: CWE-693

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Aws-iam-authenticator

Software vendor:
Kubernetes

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in http.CrossOriginProtection. The AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. An attacker can bypass implemented security restrictions.

Remediation

Install updates from vendor's website.

External links

https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.7.8
https://github.com/kubernetes-sigs/aws-iam-authenticator/commit/e5c37d0bc4d181c87f9c1e0e4cd022adbfb48ad3

#VU116686 Protection Mechanism Failure in Aws-iam-authenticator - CVE-2025-47910

Description

Remediation

External links

Please verify you're human