Home > Vulnerability Database > CVE-2025-29778

Mend.io Vulnerability Database

CVE-2025-29778

Good to know:

Date: March 24, 2025

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.

Severity Score

5.8

Related Resources (8)

Url: https://github.com/kyverno/kyverno/security/advisories/GHSA-46mp-8w32-6g94

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-29778

Url: https://github.com/kyverno/policies/issues/1246

Url: https://github.com/Mohdcode/kyverno/blob/373f942ea9fa8b63140d0eb0e101b9a5f71033f3/pkg/cosign/cosign.go#L537

Url: https://github.com/kyverno/kyverno/pull/12237

Url: https://github.com/kyverno/kyverno

Url: https://github.com/kyverno/kyverno/commit/8777672fb17bdf252bd2e7d8de3441e240404a60

Url: https://www.mend.io/vulnerability-database/CVE-2025-29778

Severity Score

5.8

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version github.com/kyverno/kyverno - v1.14.0-alpha.1;https://github.com/kyverno/kyverno.git - v1.14.0

Learn More

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-29778

Good to know:

Date: March 24, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?