Server Side Request Forgery Vulnerability in Portworx for Kubernetes
CVE-2025-13281

5.8MEDIUM

Key Information:

Vendor: Kubernetes
Status: Kubernetes
Vendor: CVE Published:; 14 December 2025

What is CVE-2025-13281?

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This issue allows authorized users to access and potentially leak sensitive data from unprotected endpoints within the control plane's host network, which may include critical link-local or loopback services. Proper measures should be implemented to mitigate the risks associated with this vulnerability.

Affected Version(s)

Kubernetes v1.30.0

Kubernetes v1.31.0

Kubernetes v1.32.0

References

https://github.com/kubernetes/kubernetes/issues/135525

issue-tracking

https://groups.google.com/g/kubernetes-security-announce/...

mailing-list

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2025
Vulnerability Reserved
Nov 16, 2025

JSON