Information Exposure Vulnerability in Omni Kubernetes Management Tool
CVE-2025-61688

8.6HIGH

Key Information:

Vendor: Siderolabs
Status: Omni
Vendor: CVE Published:; 13 October 2025

What is CVE-2025-61688?

Omni, a tool for managing Kubernetes on various infrastructures, has a vulnerability that could allow unauthorized access to sensitive information through its API. This issue affects versions prior to 1.1.5 and 1.0.2, underscoring the importance of updating to the latest versions to mitigate potential data exposure risks.

Affected Version(s)

omni >= 1.1.0-beta.0, < 1.1.5 < 1.1.0-beta.0, 1.1.5

omni < 1.0.2 < 1.0.2

References

https://github.com/siderolabs/omni/security/advisories/GH...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Sep 29, 2025

JSON

Siderolabs

What is CVE-2025-61688?

Affected Version(s)

References

CVSS V3.1

Timeline