VDB

CVE-2025-29781

CVE-2025-29781 PUBLISHED CVSS 6.5 MEDIUM

Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD

EPSS 0.06% · 18.9th percentile

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS Score
0.06%
18.9th percentile

Affected Products

VendorProductVersions
github.commetal3-io/baremetal-operator/apis0.9.0, 0.9.0, 0
metal3-iobaremetal-operator= 0.9.0, = 0.9.0, *

Timeline

  • Mar 17, 2025 CVE Published
  • Mar 17, 2025 PoC Published
  • Mar 18, 2025 EPSS Score
  • Mar 19, 2025 CVE Updated
  • Mar 31, 2025 EPSS Score
  • Apr 14, 2025 EPSS Score
  • Apr 27, 2025 EPSS Score
  • May 11, 2025 EPSS Score
  • May 24, 2025 EPSS Score
  • Jun 6, 2025 EPSS Score
  • Jun 20, 2025 EPSS Score
  • Jul 3, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›