CVE-2025-29778 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-29778 PUBLISHED

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0 contains a patch for the issue.

EPSS 0.11% · 29.9th percentile

Risk Scores

EPSS Score

0.11%

29.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	kyverno	0
Bitnami	kyverno	0

Timeline

Jan 21, 1970 Fix PR Merged
Jan 21, 1970 Security Advisory
Mar 24, 2025 CVE Published
Mar 24, 2025 PoC Published
Mar 24, 2025 PoC Published
Mar 25, 2025 EPSS Score
Mar 25, 2025 Coalition ESS Score
Mar 28, 2025 Coalition ESS Score
Apr 7, 2025 EPSS Score
Apr 19, 2025 EPSS Score
May 2, 2025 EPSS Score
May 8, 2025 CVE Updated

References

Open in Interactive Console →