CVE-2025-13281 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-13281 PUBLISHED CVSS 5.800000190734863 MEDIUM

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

EPSS 0.01% · 1.9th percentile

Risk Scores

CVSS v3.1

5.800000190734863

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

EPSS Score

0.01%

1.9th percentile

Affected Products

Vendor	Product	Versions
Kubernetes	Kubernetes	v1.30.0, v1.31.0, v1.32.0
k8s.io	kubernetes	0, 1.33.0-alpha.0, 1.34.0-alpha.0

Timeline

Nov 16, 2025 CVE ID Reserved
Dec 1, 2025 PoC Published
Dec 1, 2025 PoC Published
Dec 2, 2025 PoC Published
Dec 2, 2025 PoC Published
Dec 14, 2025 CVE Published
Dec 15, 2025 EPSS Score
Dec 15, 2025 CVE Updated
Dec 18, 2025 EPSS Score
Dec 22, 2025 EPSS Score
Dec 25, 2025 EPSS Score
Dec 29, 2025 EPSS Score

References

Open in Interactive Console →