CVE-2025-13281
- Source
- https://cve.org/CVERecord?id=CVE-2025-13281
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-13281.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-13281
- Aliases
- Downstream
- Related
- Published
- 2025-12-14T21:27:34.786Z
- Modified
- 2026-05-18T05:57:23.490177780Z
- Severity
-
- 5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- Portworx Half-Blind SSRF in kube-controller-manager
- Details
-
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
- Database specific
{ "cwe_ids": [ "CWE-918" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/13xxx/CVE-2025-13281.json", "cna_assigner": "kubernetes" }- References
-
- http://www.openwall.com/lists/oss-security/2025/12/01/4
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/13xxx/CVE-2025-13281.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-13281
- https://github.com/kubernetes/kubernetes/issues/135525
- https://groups.google.com/g/kubernetes-security-announce/c/EORqZg0k1l4/m/TtD-q0v7AgAJ
Affected packages
Git / github.com/kubernetes/kubernetes
Affected ranges
- Type
- GIT
- Repo
- https://github.com/kubernetes/kubernetes
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affected
- Database specific
{ "extracted_events": [ { "introduced": "v1.30.0" }, { "last_affected": "v1.30.14" }, { "introduced": "v1.31.0" }, { "last_affected": "v1.31.14" }, { "introduced": "v1.32.0" }, { "last_affected": "v1.32.9" }, { "introduced": "v1.33.0" }, { "last_affected": "v1.33.5" }, { "introduced": "v1.34.0" }, { "last_affected": "v1.34.1" } ], "source": "AFFECTED_FIELD" }
Affected versions
v1.*
v1.30.0
v1.30.1
v1.30.10
v1.30.11
v1.30.12
v1.30.13
v1.30.14
v1.30.2
v1.30.3
v1.30.4
v1.30.5
v1.30.6
v1.30.7
v1.30.8
v1.30.9
v1.31.0
v1.31.1
v1.31.10
v1.31.11
v1.31.12
v1.31.13
v1.31.14
v1.31.2
v1.31.3
v1.31.4
v1.31.5
v1.31.6
v1.31.7
v1.31.8
v1.31.9
v1.32.0
v1.32.1
v1.32.2
v1.32.3
v1.32.4
v1.32.5
v1.32.6
v1.32.7
v1.32.8
v1.32.9
v1.33.0
v1.33.1
v1.33.2
v1.33.3
v1.33.4
v1.33.5
v1.34.0
v1.34.1