Certificate Validation Flaw in Kubernetes C# Client
CVE-2025-9708

6.8MEDIUM

Key Information:

Vendor: Kubernetes
Status: Kubernetes Csharp Client
Vendor: CVE Published:; 16 September 2025

What is CVE-2025-9708?

A vulnerability exists in the Kubernetes C# client where the certificate validation logic inadequately verifies the trust chain of certificates. This oversight allows malicious actors to present forged certificates from any Certificate Authority, potentially leading to unauthorized interception and manipulation of communications with the Kubernetes API server. Attackers can exploit this flaw for man-in-the-middle attacks and impersonate legitimate API callers, thus compromising the security of the entire Kubernetes environment.

Affected Version(s)

Kubernetes CSharp Client 0 <= 17.0.13

Kubernetes CSharp Client 17.0.14

References

https://groups.google.com/g/kubernetes-security-announce/...

mailing-list

https://github.com/kubernetes/kubernetes/issues/134063

issue-tracking

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Aug 29, 2025

Credit

elliott-beach