Denial of Service Vulnerability in Kubernetes Kubelet Component
CVE-2025-0426

6.2MEDIUM

Key Information:

Vendor: Kubernetes
Status: Kubelet
Vendor: CVE Published:; 13 February 2025

What is CVE-2025-0426?

A security flaw was identified in the Kubelet component of Kubernetes, allowing unauthenticated users to send numerous container checkpoint requests to a read-only HTTP endpoint. This can lead to a Denial of Service condition by exhausting the Node's disk space, potentially disrupting normal operations and affecting service availability.

Affected Version(s)

kubelet 1.32.0 <= 1.32.1

kubelet 1.31.0 <= 1.31.5

kubelet 1.30.0 <= 1.30.9

References

https://github.com/kubernetes/kubernetes/issues/130016

issue-tracking

https://groups.google.com/g/kubernetes-security-announce/...

mailing-list

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Jan 13, 2025

Credit

Tim Allclair