VDB

ANCHORE-2025-13281

ANCHORE-2025-13281 PUBLISHED

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Affected Products

VendorProductVersions
KubernetesKubernetes0, 1.33.0, 1.34.0

Timeline

  • Dec 14, 2025 CVE Published
  • Dec 14, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›