CVE-2025-1974 (GCVE-0-2025-1974)
Vulnerability from cvelistv5 – Published: 2025-03-24 23:28 – Updated: 2026-02-26 19:09
Title
ingress-nginx admission controller RCE escalation
Summary
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| kubernetes | ingress-nginx | Affected: 0, ≤ 1.11.4 (semver); Affected: 1.12.0 |
Date Public
2025-03-24 19:36
Credits
Nir Ohfeld
Ronen Shustin
Sagi Tzadik
Hillai Ben Sasson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1974",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T03:55:20.340497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:09:14.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-02-04T19:33:52.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"
},
{
"url": "https://github.com/B1ack4sh/Blackash-CVE-2025-1974"
},
{
"url": "https://www.exploit-db.com/exploits/52475"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Validating Admission Controller"
],
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Ohfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Ronen Shustin"
},
{
"lang": "en",
"type": "finder",
"value": "Sagi Tzadik"
},
{
"lang": "en",
"type": "finder",
"value": "Hillai Ben Sasson"
}
],
"datePublic": "2025-03-24T19:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"impacts": [
{
"capecId": "CAPEC-251",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-251 Local Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653 Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T23:28:48.985Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://https://github.com/kubernetes/kubernetes/issues/131009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ingress-nginx admission controller RCE escalation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx."
}
],
"value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-1974",
"datePublished": "2025-03-24T23:28:48.985Z",
"dateReserved": "2025-03-04T21:34:07.543Z",
"dateUpdated": "2026-02-26T19:09:14.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-1974",
"date": "2026-06-06",
"epss": "0.91918",
"percentile": "0.9971"
},
"vulnrichment": {
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2025:14941-1
Vulnerability from csaf_opensuse - Published: 2025-03-28 00:00 - Updated: 2025-03-28 00:00
Summary
rke2-1.32.3+rke2r1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: rke2-1.32.3+rke2r1-1.1 on GA media
Description of the patch: These are all security issues fixed in the rke2-1.32.3+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14941
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
critical
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rke2-1.32.3+rke2r1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rke2-1.32.3+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14941",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14941-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14941-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3DNSWPPJ33REJ6VBO2MSSYJ6XO7XRUJ6/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14941-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3DNSWPPJ33REJ6VBO2MSSYJ6XO7XRUJ6/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1974 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1974/"
}
],
"title": "rke2-1.32.3+rke2r1-1.1 on GA media",
"tracking": {
"current_release_date": "2025-03-28T00:00:00Z",
"generator": {
"date": "2025-03-28T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14941-1",
"initial_release_date": "2025-03-28T00:00:00Z",
"revision_history": [
{
"date": "2025-03-28T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.32.3+rke2r1-1.1.aarch64",
"product": {
"name": "rke2-1.32.3+rke2r1-1.1.aarch64",
"product_id": "rke2-1.32.3+rke2r1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.32.3+rke2r1-1.1.ppc64le",
"product": {
"name": "rke2-1.32.3+rke2r1-1.1.ppc64le",
"product_id": "rke2-1.32.3+rke2r1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.32.3+rke2r1-1.1.s390x",
"product": {
"name": "rke2-1.32.3+rke2r1-1.1.s390x",
"product_id": "rke2-1.32.3+rke2r1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.32.3+rke2r1-1.1.x86_64",
"product": {
"name": "rke2-1.32.3+rke2r1-1.1.x86_64",
"product_id": "rke2-1.32.3+rke2r1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.32.3+rke2r1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.aarch64"
},
"product_reference": "rke2-1.32.3+rke2r1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.32.3+rke2r1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.ppc64le"
},
"product_reference": "rke2-1.32.3+rke2r1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.32.3+rke2r1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.s390x"
},
"product_reference": "rke2-1.32.3+rke2r1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.32.3+rke2r1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.x86_64"
},
"product_reference": "rke2-1.32.3+rke2r1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"notes": [
{
"category": "general",
"text": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1974",
"url": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.32.3+rke2r1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-28T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-1974"
}
]
}
OPENSUSE-SU-2025:14942-1
Vulnerability from csaf_opensuse - Published: 2025-03-28 00:00 - Updated: 2025-03-28 00:00
Summary
rke2-1.29-1.29.15+rke2r1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: rke2-1.29-1.29.15+rke2r1-1.1 on GA media
Description of the patch: These are all security issues fixed in the rke2-1.29-1.29.15+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14942
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
critical
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rke2-1.29-1.29.15+rke2r1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rke2-1.29-1.29.15+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14942",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14942-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14942-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/X6IUJL64VPCXGTRC6RXEW2YR7XTLPL4D/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14942-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/X6IUJL64VPCXGTRC6RXEW2YR7XTLPL4D/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1974 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1974/"
}
],
"title": "rke2-1.29-1.29.15+rke2r1-1.1 on GA media",
"tracking": {
"current_release_date": "2025-03-28T00:00:00Z",
"generator": {
"date": "2025-03-28T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14942-1",
"initial_release_date": "2025-03-28T00:00:00Z",
"revision_history": [
{
"date": "2025-03-28T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.29-1.29.15+rke2r1-1.1.aarch64",
"product": {
"name": "rke2-1.29-1.29.15+rke2r1-1.1.aarch64",
"product_id": "rke2-1.29-1.29.15+rke2r1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.29-1.29.15+rke2r1-1.1.ppc64le",
"product": {
"name": "rke2-1.29-1.29.15+rke2r1-1.1.ppc64le",
"product_id": "rke2-1.29-1.29.15+rke2r1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.29-1.29.15+rke2r1-1.1.s390x",
"product": {
"name": "rke2-1.29-1.29.15+rke2r1-1.1.s390x",
"product_id": "rke2-1.29-1.29.15+rke2r1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.29-1.29.15+rke2r1-1.1.x86_64",
"product": {
"name": "rke2-1.29-1.29.15+rke2r1-1.1.x86_64",
"product_id": "rke2-1.29-1.29.15+rke2r1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.29-1.29.15+rke2r1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.aarch64"
},
"product_reference": "rke2-1.29-1.29.15+rke2r1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.29-1.29.15+rke2r1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.ppc64le"
},
"product_reference": "rke2-1.29-1.29.15+rke2r1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.29-1.29.15+rke2r1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.s390x"
},
"product_reference": "rke2-1.29-1.29.15+rke2r1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.29-1.29.15+rke2r1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.x86_64"
},
"product_reference": "rke2-1.29-1.29.15+rke2r1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"notes": [
{
"category": "general",
"text": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1974",
"url": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.29-1.29.15+rke2r1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-28T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-1974"
}
]
}
OPENSUSE-SU-2025:14943-1
Vulnerability from csaf_opensuse - Published: 2025-03-28 00:00 - Updated: 2025-03-28 00:00
Summary
rke2-1.30-1.30.11+rke2r1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: rke2-1.30-1.30.11+rke2r1-1.1 on GA media
Description of the patch: These are all security issues fixed in the rke2-1.30-1.30.11+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14943
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
critical
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rke2-1.30-1.30.11+rke2r1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rke2-1.30-1.30.11+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14943",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14943-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14943-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RYTI7EKR4C7WUKDN6XNAEP7DQZI2ADOI/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14943-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RYTI7EKR4C7WUKDN6XNAEP7DQZI2ADOI/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1974 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1974/"
}
],
"title": "rke2-1.30-1.30.11+rke2r1-1.1 on GA media",
"tracking": {
"current_release_date": "2025-03-28T00:00:00Z",
"generator": {
"date": "2025-03-28T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14943-1",
"initial_release_date": "2025-03-28T00:00:00Z",
"revision_history": [
{
"date": "2025-03-28T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.30-1.30.11+rke2r1-1.1.aarch64",
"product": {
"name": "rke2-1.30-1.30.11+rke2r1-1.1.aarch64",
"product_id": "rke2-1.30-1.30.11+rke2r1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.30-1.30.11+rke2r1-1.1.ppc64le",
"product": {
"name": "rke2-1.30-1.30.11+rke2r1-1.1.ppc64le",
"product_id": "rke2-1.30-1.30.11+rke2r1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.30-1.30.11+rke2r1-1.1.s390x",
"product": {
"name": "rke2-1.30-1.30.11+rke2r1-1.1.s390x",
"product_id": "rke2-1.30-1.30.11+rke2r1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.30-1.30.11+rke2r1-1.1.x86_64",
"product": {
"name": "rke2-1.30-1.30.11+rke2r1-1.1.x86_64",
"product_id": "rke2-1.30-1.30.11+rke2r1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.30-1.30.11+rke2r1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.aarch64"
},
"product_reference": "rke2-1.30-1.30.11+rke2r1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.30-1.30.11+rke2r1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.ppc64le"
},
"product_reference": "rke2-1.30-1.30.11+rke2r1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.30-1.30.11+rke2r1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.s390x"
},
"product_reference": "rke2-1.30-1.30.11+rke2r1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.30-1.30.11+rke2r1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.x86_64"
},
"product_reference": "rke2-1.30-1.30.11+rke2r1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"notes": [
{
"category": "general",
"text": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1974",
"url": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.30-1.30.11+rke2r1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-28T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-1974"
}
]
}
OPENSUSE-SU-2025:14944-1
Vulnerability from csaf_opensuse - Published: 2025-03-28 00:00 - Updated: 2025-03-28 00:00
Summary
rke2-1.31-1.31.7+rke2r1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: rke2-1.31-1.31.7+rke2r1-1.1 on GA media
Description of the patch: These are all security issues fixed in the rke2-1.31-1.31.7+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14944
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
critical
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rke2-1.31-1.31.7+rke2r1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rke2-1.31-1.31.7+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14944",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14944-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14944-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AXAWKVFNQBIDWTRIHH256LGS2N6R6BOG/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14944-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AXAWKVFNQBIDWTRIHH256LGS2N6R6BOG/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1974 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1974/"
}
],
"title": "rke2-1.31-1.31.7+rke2r1-1.1 on GA media",
"tracking": {
"current_release_date": "2025-03-28T00:00:00Z",
"generator": {
"date": "2025-03-28T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14944-1",
"initial_release_date": "2025-03-28T00:00:00Z",
"revision_history": [
{
"date": "2025-03-28T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.31-1.31.7+rke2r1-1.1.aarch64",
"product": {
"name": "rke2-1.31-1.31.7+rke2r1-1.1.aarch64",
"product_id": "rke2-1.31-1.31.7+rke2r1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.31-1.31.7+rke2r1-1.1.ppc64le",
"product": {
"name": "rke2-1.31-1.31.7+rke2r1-1.1.ppc64le",
"product_id": "rke2-1.31-1.31.7+rke2r1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.31-1.31.7+rke2r1-1.1.s390x",
"product": {
"name": "rke2-1.31-1.31.7+rke2r1-1.1.s390x",
"product_id": "rke2-1.31-1.31.7+rke2r1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.31-1.31.7+rke2r1-1.1.x86_64",
"product": {
"name": "rke2-1.31-1.31.7+rke2r1-1.1.x86_64",
"product_id": "rke2-1.31-1.31.7+rke2r1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.31-1.31.7+rke2r1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.aarch64"
},
"product_reference": "rke2-1.31-1.31.7+rke2r1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.31-1.31.7+rke2r1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.ppc64le"
},
"product_reference": "rke2-1.31-1.31.7+rke2r1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.31-1.31.7+rke2r1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.s390x"
},
"product_reference": "rke2-1.31-1.31.7+rke2r1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.31-1.31.7+rke2r1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.x86_64"
},
"product_reference": "rke2-1.31-1.31.7+rke2r1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"notes": [
{
"category": "general",
"text": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1974",
"url": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.31-1.31.7+rke2r1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-28T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-1974"
}
]
}
OPENSUSE-SU-2025:15083-1
Vulnerability from csaf_opensuse - Published: 2025-05-12 00:00 - Updated: 2025-05-12 00:00
Summary
rke2-1.32-1.32.4+rke2r1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: rke2-1.32-1.32.4+rke2r1-1.1 on GA media
Description of the patch: These are all security issues fixed in the rke2-1.32-1.32.4+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15083
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
critical
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rke2-1.32-1.32.4+rke2r1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rke2-1.32-1.32.4+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15083",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15083-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15083-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KQS4AI4IUYK2KCIUCXDYZUBJ5XSJNQJA/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15083-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KQS4AI4IUYK2KCIUCXDYZUBJ5XSJNQJA/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1974 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1974/"
}
],
"title": "rke2-1.32-1.32.4+rke2r1-1.1 on GA media",
"tracking": {
"current_release_date": "2025-05-12T00:00:00Z",
"generator": {
"date": "2025-05-12T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15083-1",
"initial_release_date": "2025-05-12T00:00:00Z",
"revision_history": [
{
"date": "2025-05-12T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.32-1.32.4+rke2r1-1.1.aarch64",
"product": {
"name": "rke2-1.32-1.32.4+rke2r1-1.1.aarch64",
"product_id": "rke2-1.32-1.32.4+rke2r1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.32-1.32.4+rke2r1-1.1.ppc64le",
"product": {
"name": "rke2-1.32-1.32.4+rke2r1-1.1.ppc64le",
"product_id": "rke2-1.32-1.32.4+rke2r1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.32-1.32.4+rke2r1-1.1.s390x",
"product": {
"name": "rke2-1.32-1.32.4+rke2r1-1.1.s390x",
"product_id": "rke2-1.32-1.32.4+rke2r1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.32-1.32.4+rke2r1-1.1.x86_64",
"product": {
"name": "rke2-1.32-1.32.4+rke2r1-1.1.x86_64",
"product_id": "rke2-1.32-1.32.4+rke2r1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.32-1.32.4+rke2r1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.aarch64"
},
"product_reference": "rke2-1.32-1.32.4+rke2r1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.32-1.32.4+rke2r1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.ppc64le"
},
"product_reference": "rke2-1.32-1.32.4+rke2r1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.32-1.32.4+rke2r1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.s390x"
},
"product_reference": "rke2-1.32-1.32.4+rke2r1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.32-1.32.4+rke2r1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.x86_64"
},
"product_reference": "rke2-1.32-1.32.4+rke2r1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"notes": [
{
"category": "general",
"text": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1974",
"url": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.32-1.32.4+rke2r1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-12T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-1974"
}
]
}
OPENSUSE-SU-2025:15569-1
Vulnerability from csaf_opensuse - Published: 2025-09-20 00:00 - Updated: 2025-09-20 00:00
Summary
rke2-1.33-1.33.5+rke2r1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: rke2-1.33-1.33.5+rke2r1-1.1 on GA media
Description of the patch: These are all security issues fixed in the rke2-1.33-1.33.5+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15569
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
critical
References
4 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rke2-1.33-1.33.5+rke2r1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rke2-1.33-1.33.5+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15569",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15569-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1974 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1974/"
}
],
"title": "rke2-1.33-1.33.5+rke2r1-1.1 on GA media",
"tracking": {
"current_release_date": "2025-09-20T00:00:00Z",
"generator": {
"date": "2025-09-20T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15569-1",
"initial_release_date": "2025-09-20T00:00:00Z",
"revision_history": [
{
"date": "2025-09-20T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.33-1.33.5+rke2r1-1.1.aarch64",
"product": {
"name": "rke2-1.33-1.33.5+rke2r1-1.1.aarch64",
"product_id": "rke2-1.33-1.33.5+rke2r1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.33-1.33.5+rke2r1-1.1.ppc64le",
"product": {
"name": "rke2-1.33-1.33.5+rke2r1-1.1.ppc64le",
"product_id": "rke2-1.33-1.33.5+rke2r1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.33-1.33.5+rke2r1-1.1.s390x",
"product": {
"name": "rke2-1.33-1.33.5+rke2r1-1.1.s390x",
"product_id": "rke2-1.33-1.33.5+rke2r1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.33-1.33.5+rke2r1-1.1.x86_64",
"product": {
"name": "rke2-1.33-1.33.5+rke2r1-1.1.x86_64",
"product_id": "rke2-1.33-1.33.5+rke2r1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.33-1.33.5+rke2r1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.aarch64"
},
"product_reference": "rke2-1.33-1.33.5+rke2r1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.33-1.33.5+rke2r1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.ppc64le"
},
"product_reference": "rke2-1.33-1.33.5+rke2r1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.33-1.33.5+rke2r1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.s390x"
},
"product_reference": "rke2-1.33-1.33.5+rke2r1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.33-1.33.5+rke2r1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.x86_64"
},
"product_reference": "rke2-1.33-1.33.5+rke2r1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"notes": [
{
"category": "general",
"text": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1974",
"url": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.33-1.33.5+rke2r1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-20T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-1974"
}
]
}
OPENSUSE-SU-2026:10050-1
Vulnerability from csaf_opensuse - Published: 2026-01-14 00:00 - Updated: 2026-01-14 00:00
Summary
rke2-1.34-1.34.3+rke2r1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: rke2-1.34-1.34.3+rke2r1-1.1 on GA media
Description of the patch: These are all security issues fixed in the rke2-1.34-1.34.3+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10050
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
critical
References
4 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rke2-1.34-1.34.3+rke2r1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rke2-1.34-1.34.3+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10050",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10050-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1974 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1974/"
}
],
"title": "rke2-1.34-1.34.3+rke2r1-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-14T00:00:00Z",
"generator": {
"date": "2026-01-14T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10050-1",
"initial_release_date": "2026-01-14T00:00:00Z",
"revision_history": [
{
"date": "2026-01-14T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.34-1.34.3+rke2r1-1.1.aarch64",
"product": {
"name": "rke2-1.34-1.34.3+rke2r1-1.1.aarch64",
"product_id": "rke2-1.34-1.34.3+rke2r1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.34-1.34.3+rke2r1-1.1.ppc64le",
"product": {
"name": "rke2-1.34-1.34.3+rke2r1-1.1.ppc64le",
"product_id": "rke2-1.34-1.34.3+rke2r1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.34-1.34.3+rke2r1-1.1.s390x",
"product": {
"name": "rke2-1.34-1.34.3+rke2r1-1.1.s390x",
"product_id": "rke2-1.34-1.34.3+rke2r1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.34-1.34.3+rke2r1-1.1.x86_64",
"product": {
"name": "rke2-1.34-1.34.3+rke2r1-1.1.x86_64",
"product_id": "rke2-1.34-1.34.3+rke2r1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.34-1.34.3+rke2r1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.aarch64"
},
"product_reference": "rke2-1.34-1.34.3+rke2r1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.34-1.34.3+rke2r1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.ppc64le"
},
"product_reference": "rke2-1.34-1.34.3+rke2r1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.34-1.34.3+rke2r1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.s390x"
},
"product_reference": "rke2-1.34-1.34.3+rke2r1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.34-1.34.3+rke2r1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.x86_64"
},
"product_reference": "rke2-1.34-1.34.3+rke2r1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"notes": [
{
"category": "general",
"text": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1974",
"url": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.34-1.34.3+rke2r1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-14T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-1974"
}
]
}
OPENSUSE-SU-2026:10799-1
Vulnerability from csaf_opensuse - Published: 2026-05-16 00:00 - Updated: 2026-05-16 00:00
Summary
rke2-1.35-1.35.4+rke2r1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: rke2-1.35-1.35.4+rke2r1-1.1 on GA media
Description of the patch: These are all security issues fixed in the rke2-1.35-1.35.4+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10799
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.x86_64 | — | Vendor Fix | |
Threats
Impact
critical
References
4 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rke2-1.35-1.35.4+rke2r1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rke2-1.35-1.35.4+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10799",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10799-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1974 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1974/"
}
],
"title": "rke2-1.35-1.35.4+rke2r1-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-16T00:00:00Z",
"generator": {
"date": "2026-05-16T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10799-1",
"initial_release_date": "2026-05-16T00:00:00Z",
"revision_history": [
{
"date": "2026-05-16T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.35-1.35.4+rke2r1-1.1.aarch64",
"product": {
"name": "rke2-1.35-1.35.4+rke2r1-1.1.aarch64",
"product_id": "rke2-1.35-1.35.4+rke2r1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.35-1.35.4+rke2r1-1.1.ppc64le",
"product": {
"name": "rke2-1.35-1.35.4+rke2r1-1.1.ppc64le",
"product_id": "rke2-1.35-1.35.4+rke2r1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.35-1.35.4+rke2r1-1.1.s390x",
"product": {
"name": "rke2-1.35-1.35.4+rke2r1-1.1.s390x",
"product_id": "rke2-1.35-1.35.4+rke2r1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rke2-1.35-1.35.4+rke2r1-1.1.x86_64",
"product": {
"name": "rke2-1.35-1.35.4+rke2r1-1.1.x86_64",
"product_id": "rke2-1.35-1.35.4+rke2r1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.35-1.35.4+rke2r1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.aarch64"
},
"product_reference": "rke2-1.35-1.35.4+rke2r1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.35-1.35.4+rke2r1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.ppc64le"
},
"product_reference": "rke2-1.35-1.35.4+rke2r1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.35-1.35.4+rke2r1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.s390x"
},
"product_reference": "rke2-1.35-1.35.4+rke2r1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rke2-1.35-1.35.4+rke2r1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.x86_64"
},
"product_reference": "rke2-1.35-1.35.4+rke2r1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"notes": [
{
"category": "general",
"text": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1974",
"url": "https://www.suse.com/security/cve/CVE-2025-1974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.aarch64",
"openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.ppc64le",
"openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.s390x",
"openSUSE Tumbleweed:rke2-1.35-1.35.4+rke2r1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-1974"
}
]
}
SSA-817234
Vulnerability from csaf_siemens - Published: 2025-04-08 00:00 - Updated: 2025-04-08 00:00
Summary
SSA-817234: Multiple Kubernetes Ingress NGINX Controller Vulnerabilities in Insights Hub Private Cloud
Notes
Summary: Insights Hub Private Cloud is affected by multiple vulnerabilities in Ingress NGINX Controller for Kubernetes. These vulnerabilities could lead to arbitrary code execution in the context of the ingress-nginx controller, or disclosure of Secrets accessible to the controller, or denial of service condition.
Siemens has released a new version for Insights Hub Private Cloud and recommends to update to the latest version.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Insights Hub Private Cloud (Siemens / Insights Hub Private Cloud) | vers:all/* | Vendor Fix | |
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Insights Hub Private Cloud (Siemens / Insights Hub Private Cloud) | vers:all/* | Vendor Fix | |
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Insights Hub Private Cloud (Siemens / Insights Hub Private Cloud) | vers:all/* | Vendor Fix | |
4.8 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Insights Hub Private Cloud (Siemens / Insights Hub Private Cloud) | vers:all/* | Vendor Fix | |
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Insights Hub Private Cloud (Siemens / Insights Hub Private Cloud) | vers:all/* | Vendor Fix | |
References
2 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Insights Hub Private Cloud is affected by multiple vulnerabilities in Ingress NGINX Controller for Kubernetes. These vulnerabilities could lead to arbitrary code execution in the context of the \ningress-nginx controller, or disclosure of Secrets accessible to the controller, or denial of service condition.\nSiemens has released a new version for Insights Hub Private Cloud and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-817234: Multiple Kubernetes Ingress NGINX Controller Vulnerabilities in Insights Hub Private Cloud - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-817234.html"
},
{
"category": "self",
"summary": "SSA-817234: Multiple Kubernetes Ingress NGINX Controller Vulnerabilities in Insights Hub Private Cloud - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-817234.json"
}
],
"title": "SSA-817234: Multiple Kubernetes Ingress NGINX Controller Vulnerabilities in Insights Hub Private Cloud",
"tracking": {
"current_release_date": "2025-04-08T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-817234",
"initial_release_date": "2025-04-08T00:00:00Z",
"revision_history": [
{
"date": "2025-04-08T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Insights Hub Private Cloud",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Insights Hub Private Cloud"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1097",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-1097"
},
{
"cve": "CVE-2025-1098",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-1098"
},
{
"cve": "CVE-2025-1974",
"cwe": {
"id": "CWE-653",
"name": "Improper Isolation or Compartmentalization"
},
"notes": [
{
"category": "summary",
"text": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-1974"
},
{
"cve": "CVE-2025-24513",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-24513"
},
{
"cve": "CVE-2025-24514",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-24514"
}
]
}
WID-SEC-W-2025-0629
Vulnerability from csaf_certbund - Published: 2025-03-24 23:00 - Updated: 2025-05-13 22:00
Summary
Ingress NGINX Controller for Kubernetes: Multiple Vulnerabilities
Severity
High
Notes
The BSI, as provider, is responsible under general law for its own content that it makes available for use. Users are, however, responsible for carefully checking, case by case, the use and/or implementation of the information provided with that content.
Product description: Kubernetes is a tool for automating the deployment, scaling and management of containerized applications.
Ingress NGINX Controller for Kubernetes is often used as a reverse proxy and load balancer to route external traffic to internal Kubernetes services.
Attack: A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in the Ingress NGINX Controller for Kubernetes to execute arbitrary code, disclose confidential information and cause a denial-of-service condition.
Affected operating systems:
- Other
- UNIX
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Open Source Kubernetes Ingress NGINX Controller <1.12.1 (Open Source / Kubernetes) | Ingress NGINX Controller <1.12.1 | | |
| IBM InfoSphere Information Server (IBM) | cpe:/a:ibm:infosphere_information_server:- | — | |
| Open Source Kubernetes Ingress NGINX Controller <1.11.5 (Open Source / Kubernetes) | Ingress NGINX Controller <1.11.5 | | |
| SUSE openSUSE (SUSE) | cpe:/o:suse:opensuse:- | — | |
References
21 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Kubernetes ist ein Werkzeug zur Automatisierung der Bereitstellung, Skalierung und Verwaltung von containerisierten Anwendungen.\r\nIngress NGINX Controller f\u00fcr Kubernetes wird h\u00e4ufig als Reverse Proxy und Load Balancer eingesetzt, um externen Traffic auf interne Kubernetes-Services weiterzuleiten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen im Ingress NGINX Controller f\u00fcr Kubernetes ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0629 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0629.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0629 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0629"
},
{
"category": "external",
"summary": "Tenable Blog vom 2025-03-24",
"url": "https://www.tenable.com/blog/cve-2025-1974-frequently-asked-questions-about-ingressnightmare-kubernetes"
},
{
"category": "external",
"summary": "Kubernetes GitHub vom 2025-03-24",
"url": "https://github.com/kubernetes/kubernetes/issues/131005"
},
{
"category": "external",
"summary": "Kubernetes GitHub vom 2025-03-24",
"url": "https://github.com/kubernetes/kubernetes/issues/131006"
},
{
"category": "external",
"summary": "Kubernetes GitHub vom 2025-03-24",
"url": "https://github.com/kubernetes/kubernetes/issues/131007"
},
{
"category": "external",
"summary": "Kubernetes GitHub vom 2025-03-24",
"url": "https://github.com/kubernetes/kubernetes/issues/131008"
},
{
"category": "external",
"summary": "Kubernetes GitHub vom 2025-03-24",
"url": "https://github.com/kubernetes/kubernetes/issues/131009"
},
{
"category": "external",
"summary": "PoC auf GitHub vom 2025-03-24",
"url": "https://github.com/sandumjacob/IngressNightmare-POCs"
},
{
"category": "external",
"summary": "Google Cloud Bulletin vom 2025-03-24",
"url": "https://cloud.google.com/support/bulletins#gcp-2025-013"
},
{
"category": "external",
"summary": "Microsoft Security Update Guide vom 2025-03-24",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1097"
},
{
"category": "external",
"summary": "Microsoft Security Update Guide vom 2025-03-24",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1098"
},
{
"category": "external",
"summary": "Microsoft Security Update Guide vom 2025-03-24",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1974"
},
{
"category": "external",
"summary": "Microsoft Security Update Guide vom 2025-03-24",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24513"
},
{
"category": "external",
"summary": "Microsoft Security Update Guide vom 2025-03-24",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24514"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14942-1 vom 2025-03-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/X6IUJL64VPCXGTRC6RXEW2YR7XTLPL4D/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14941-1 vom 2025-03-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3DNSWPPJ33REJ6VBO2MSSYJ6XO7XRUJ6/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14944-1 vom 2025-03-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/AXAWKVFNQBIDWTRIHH256LGS2N6R6BOG/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14943-1 vom 2025-03-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RYTI7EKR4C7WUKDN6XNAEP7DQZI2ADOI/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7229787 vom 2025-04-01",
"url": "https://www.ibm.com/support/pages/node/7229787"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15083-1 vom 2025-05-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KQS4AI4IUYK2KCIUCXDYZUBJ5XSJNQJA/"
}
],
"source_lang": "en-US",
"title": "Ingress NGINX Controller f\u00fcr Kubernetes: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-13T22:00:00.000+00:00",
"generator": {
"date": "2025-05-14T07:08:50.391+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0629",
"initial_release_date": "2025-03-24T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-03-24T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-03-25T23:00:00.000+00:00",
"number": "2",
"summary": "Produktbeschreibung erg\u00e4nzt"
},
{
"date": "2025-03-27T23:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: AWS-2025-006"
},
{
"date": "2025-03-30T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-04-01T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-05-13T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM InfoSphere Information Server",
"product": {
"name": "IBM InfoSphere Information Server",
"product_id": "T035705",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Ingress NGINX Controller \u003c1.12.1",
"product": {
"name": "Open Source Kubernetes Ingress NGINX Controller \u003c1.12.1",
"product_id": "T042127"
}
},
{
"category": "product_version",
"name": "Ingress NGINX Controller 1.12.1",
"product": {
"name": "Open Source Kubernetes Ingress NGINX Controller 1.12.1",
"product_id": "T042127-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:kubernetes:kubernetes:ingress_nginx_controller__1.12.1"
}
}
},
{
"category": "product_version_range",
"name": "Ingress NGINX Controller \u003c1.11.5",
"product": {
"name": "Open Source Kubernetes Ingress NGINX Controller \u003c1.11.5",
"product_id": "T042128"
}
},
{
"category": "product_version",
"name": "Ingress NGINX Controller 1.11.5",
"product": {
"name": "Open Source Kubernetes Ingress NGINX Controller 1.11.5",
"product_id": "T042128-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:kubernetes:kubernetes:ingress_nginx_controller__1.11.5"
}
}
}
],
"category": "product_name",
"name": "Kubernetes"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1097",
"product_status": {
"known_affected": [
"T042127",
"T035705",
"T042128",
"T027843"
]
},
"release_date": "2025-03-24T23:00:00.000+00:00",
"title": "CVE-2025-1097"
},
{
"cve": "CVE-2025-1098",
"product_status": {
"known_affected": [
"T042127",
"T035705",
"T042128",
"T027843"
]
},
"release_date": "2025-03-24T23:00:00.000+00:00",
"title": "CVE-2025-1098"
},
{
"cve": "CVE-2025-1974",
"product_status": {
"known_affected": [
"T042127",
"T035705",
"T042128",
"T027843"
]
},
"release_date": "2025-03-24T23:00:00.000+00:00",
"title": "CVE-2025-1974"
},
{
"cve": "CVE-2025-24513",
"product_status": {
"known_affected": [
"T042127",
"T035705",
"T042128",
"T027843"
]
},
"release_date": "2025-03-24T23:00:00.000+00:00",
"title": "CVE-2025-24513"
},
{
"cve": "CVE-2025-24514",
"product_status": {
"known_affected": [
"T042127",
"T035705",
"T042128",
"T027843"
]
},
"release_date": "2025-03-24T23:00:00.000+00:00",
"title": "CVE-2025-24514"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.