{"uuid": "734ea65c-0c86-4ccc-8bb3-3fbe23a83393", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46599", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13376", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46599\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing credentials.\n\ud83d\udccf Published: 2025-04-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T04:27:34.356Z\n\ud83d\udd17 References:\n1. https://github.com/f1veT/BUG/issues/2\n2. https://cloud.google.com/kubernetes-engine/docs/how-to/disable-kubelet-readonly-port\n3. https://github.com/k3s-io/k3s/issues/12164\n4. https://github.com/k3s-io/k3s/commit/097b63e588e3c844cdf9b967bcd0a69f4fc0aa0a\n5. https://github.com/k3s-io/k3s/compare/v1.32.3+k3s1...v1.32.4-rc1+k3s1", "creation_timestamp": "2025-04-25T05:08:56.000000Z"}