Main Vulnerability Database Vulnerabilities #VU116686

Protection Mechanism Failure in Aws-iam-authenticator - CVE-2025-47910

Published: October 7, 2025

Vulnerability identifier: #VU116686

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-47910

CWE-ID: CWE-693

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Kubernetes

Affected software:
Aws-iam-authenticator

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in http.CrossOriginProtection. The AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. An attacker can bypass implemented security restrictions.

How to mitigate CVE-2025-47910

Install updates from vendor's website.

Sources

https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.7.8
https://github.com/kubernetes-sigs/aws-iam-authenticator/commit/e5c37d0bc4d181c87f9c1e0e4cd022adbfb48ad3

Protection Mechanism Failure in Aws-iam-authenticator - CVE-2025-47910

Detailed vulnerability description

How to mitigate CVE-2025-47910

Sources

Please verify you're human