Home > Vulnerability Database > CVE-2025-32963

Mend.io Vulnerability Database

CVE-2025-32963

Good to know:

Date: April 22, 2025

MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the "spec.audiences" field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it. This issue has been patched in version 7.1.0.

Severity Score

5.3

Related Resources (5)

Url: https://github.com/minio/operator/releases/tag/v7.1.0

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-32963

Url: https://github.com/minio/operator

Url: https://github.com/minio/operator/security/advisories/GHSA-7m6v-q233-q9j9

Url: https://www.mend.io/vulnerability-database/CVE-2025-32963

Severity Score

5.3

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

Top Fix

Upgrade Version

Upgrade to version github.com/minio/operator - v7.1.0;https://github.com/minio/operator.git - v7.1.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-32963

Good to know:

Date: April 22, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?