Denial of Service Vulnerability in Kyverno Cloud Native Policy Engine
CVE-2025-47281

7.7HIGH

Key Information:

Vendor: Kyverno
Status: Kyverno
Vendor: CVE Published:; 23 July 2025

What is CVE-2025-47281?

Inversions 1.14.1 and earlier, Kyverno, a policy engine for cloud native platforms, is susceptible to a Denial of Service (DoS) attack due to improper handling of JMESPath variable substitutions. An attacker with permission to modify Kyverno policies can exploit this vulnerability by crafting expressions that lead to nil values being inserted into the policy structure. This results in panic events within the internal functions designed to process expected string values, such as getValueAsStringMap, ultimately crashing worker threads of the Kyverno admission controller and causing repeated failures of the reports controller pod. The issue is resolved in version 1.14.2.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

kyverno < 1.14.2

References

https://github.com/kyverno/kyverno/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/kyverno/kyverno/commit/cbd7d4ca24de1c5...

x_refsource_MISC

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
May 5, 2025

JSON

Kyverno

What is CVE-2025-47281?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.