We found results for “”
CVE-2025-9708
Good to know:
Date: September 16, 2025
A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Improper Certificate Validation
CWE-295Top Fix
Upgrade Version
Upgrade to version KubernetesClient - 17.0.14;KubernetesClient - 17.0.14;KubernetesClient - 17.0.14;https://github.com/kubernetes-client/csharp.git - v17.0.14
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | NONE |
Vulnerabilities
Projects
Contact Us


