Home > Vulnerability Database > CVE-2025-64171

Mend.io Vulnerability Database

CVE-2025-64171

Good to know:

Date: November 5, 2025

MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is fixed in version 0.13.4.

Severity Score

7.5

Related Resources (7)

Url: https://github.com/3scale-sre/marin3r/commit/859b14115fde1d67620e645cd1b62e90e30d9981

Url: https://github.com/3scale-sre/marin3r/pull/294

Url: https://github.com/3scale-sre/marin3r/security/advisories/GHSA-gf93-xccm-5g6j

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-64171

Url: https://github.com/3scale-sre/marin3r/commit/c60246a43ae8c0c38dd7267f298d68a121a159fa

Url: https://github.com/3scale-sre/marin3r

Url: https://www.mend.io/vulnerability-database/CVE-2025-64171

Severity Score

7.5

Weakness Type (CWE)

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version github.com/3scale-sre/marin3r - v0.13.4

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-64171

Good to know:

Date: November 5, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?