
We found results for “”
CVE-2025-9708
Good to know:


Date: September 16, 2025
A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Improper Certificate Validation
CWE-295Top Fix

Upgrade Version
Upgrade to version KubernetesClient - 17.0.14;KubernetesClient - 17.0.14;KubernetesClient - 17.0.14;https://github.com/kubernetes-client/csharp.git - v17.0.14
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | NONE |