CVE-2025-1767
MEDIUM6.5EPSS 0.27%Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes
Published: 3/13/2025Modified: 4/28/2026
Description
This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.
Affected packages (3)
- Debian/kubernetesfrom 0, < 1.20.5+really1.20.2-1
- Go/k8s.io/kubernetesfrom 0, <= 1.32.3
- Go/k8s.io/kubernetesfrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
References (7)
- ADVISORYhttps://github.com/advisories/GHSA-3wgm-2gw2-vh5m
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-1767
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-1767
- PATCHhttps://github.com/kubernetes/kubernetes
- WEBhttps://github.com/kubernetes/kubernetes/pull/130786
- WEBhttps://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s
- WEBhttp://www.openwall.com/lists/oss-security/2025/03/13/9