VDB
ANCHORE-2025-13281
ANCHORE-2025-13281
PUBLISHED
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kubernetes | Kubernetes | 0, 1.33.0, 1.34.0 |
Timeline
- Dec 14, 2025 CVE Published
- Dec 14, 2025 CVE Updated