Description

A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts well-formed certificates from any Certificate Authority (CA) without verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.

Status: PUBLISHED | Reserved 2025-08-29 | Published 2025-09-16 | Updated 2025-09-17 | Assigner: kubernetes

Severity: MEDIUM 6.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)

Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status: unaffected

Any version: affected

17.0.14: unaffected

Credits

elliott-beach (reporter)

References

groups.google.com/...y-announce/c/rLopt2Msvbw/m/rK6XeNw2CgAJ (mailing-list)

github.com/kubernetes/kubernetes/issues/134063 (issue-tracking)

cve.org (CVE-2025-9708)

nvd.nist.gov (CVE-2025-9708)