
CVE-2025-46342


Date: April 30, 2025

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, policy rules that use namespace selector(s) in their match statements may mistakenly not be applied during admission review request processing, because of missing error propagation in the function "GetNamespaceSelectorsFromNamespaceLister" in "pkg/utils/engine/labels.go". As a consequence, security-critical mutations and validations are bypassed, potentially allowing attackers with K8s API access to perform malicious operations. This issue has been patched in versions 1.13.5 and 1.14.0.

Severity Score


Weakness Type (CWE)

Improper Validation of Specified Type of Input

CWE-1287

Top Fix


Upgrade Version

Upgrade to version: github.com/kyverno/kyverno - v1.13.5; github.com/kyverno/kyverno - v1.14.0; https://github.com/kyverno/kyverno.git - v1.13.5; https://github.com/kyverno/kyverno.git - v1.14.0


CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH
