CVE-2025-46342 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-46342 PUBLISHED

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selector(s) in their match statements are mistakenly not applied during admission review request processing due to a missing error propagation in function `GetNamespaceSelectorsFromNamespaceLister` in `pkg/utils/engine/labels.go`. As a consequence, security-critical mutations and validations are bypassed, potentially allowing attackers with K8s API access to perform malicious operations. This issue has been patched in versions 1.13.5 and 1.14.0.

EPSS 0.33% · 55.3th percentile

Risk Scores

EPSS Score

0.33%

55.3th percentile

Affected Products

Vendor	Product	Versions
Bitnami	kyverno	0
Bitnami	kyverno	0

Timeline

Jan 21, 1970 Security Advisory
Apr 29, 2025 CVE Published
Apr 30, 2025 PoC Published
Apr 30, 2025 PoC Published
Apr 30, 2025 PoC Published
Apr 30, 2025 PoC Published
May 1, 2025 EPSS Score
May 5, 2025 CVE Updated
May 12, 2025 EPSS Score
May 24, 2025 EPSS Score
May 26, 2025 Coalition ESS Score
Jun 4, 2025 EPSS Score

References

Open in Interactive Console →