Home > Vulnerability Database > CVE-2025-67508

Mend.io Vulnerability Database

CVE-2025-67508

Good to know:

Date: December 12, 2025

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft malicious credential values. The forged credential values are used in infrastructure Secret objects that break out of the intended string context when evaluated in Fish or PowerShell environments used by the Gardener service operators. This issue is fixed in version 2.12.0.

Severity Score

8.0

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-67508

Url: https://github.com/gardener/gardenctl-v2/security/advisories/GHSA-fw33-qpx7-rhx2

Url: https://github.com/gardener/gardenctl-v2

Url: https://www.mend.io/vulnerability-database/CVE-2025-67508

Severity Score

8.0

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Top Fix

Upgrade Version

Upgrade to version github.com/gardener/gardenctl-v2 - v0.0.0-20251107111549-0bdc484cb5fb

Learn More

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-67508

Good to know:

Date: December 12, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?