Improper Access Control in OpenEBS Local PV RawFile for Kubernetes
CVE-2025-58061
5.5 MEDIUM
What is CVE-2025-58061?
The OpenEBS Local PV RawFile component for Kubernetes, in versions prior to 0.10.0, has an improper access control flaw that allows unauthorized access to persistent volume data stored on Kubernetes hosts. In the default configuration, persistent volume data is placed under '/var/csi/rawfile/' with world-readable permissions. Non-privileged users can therefore potentially access sensitive information, such as entire databases when MySQL or PostgreSQL is used within Kubernetes workloads. Users of OpenEBS should upgrade to version 0.10.0 or later to mitigate this security risk.
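A host-side check for the condition described above, as an added example that is not part of the advisory or the OpenEBS project: it lists files under the data directory whose mode grants read to "other", skipping subtrees behind a directory that lacks the search bit. It assumes a POSIX shell with `find`; the function names are hypothetical, and the parent directories above the given path are not checked.

```shell
#!/bin/sh
# Added example: audit a RawFile data directory for files readable by "other".
# The default path is the one named in the advisory; pass another directory as $1.

# Print files under $1 that a user who is neither the owner nor in the
# file's group can read. A directory without the "other" search bit (o+x)
# hides everything beneath it, so such subtrees are pruned, not reported.
list_world_readable() {
    root=${1:-/var/csi/rawfile}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type d ! -perm -001 -prune -o -type f -perm -004 -print
}

# Report the result; exit status 1 when at least one exposed file exists,
# 2 when the directory is missing, 0 when nothing is exposed.
audit_rawfile_dir() {
    exposed=$(list_world_readable "$1") || return 2
    if [ -n "$exposed" ]; then
        printf 'readable by any local user:\n%s\n' "$exposed"
        return 1
    fi
    echo "no world-readable files under ${1:-/var/csi/rawfile}"
}

# Typical use on a node, as root:  audit_rawfile_dir /var/csi/rawfile
```

Run it on each node before and after upgrading; a non-zero status from `audit_rawfile_dir` means at least one file is still readable by any local account.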
Affected Version(s)
rawfile-localpv < 0.10.0