VDB
CVE-2025-46342
CVE-2025-46342
PUBLISHED
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selector(s) in their match statements are mistakenly not applied during admission review request processing due to a missing error propagation in function `GetNamespaceSelectorsFromNamespaceLister` in `pkg/utils/engine/labels.go`. As a consequence, security-critical mutations and validations are bypassed, potentially allowing attackers with K8s API access to perform malicious operations. This issue has been patched in versions 1.13.5 and 1.14.0.
EPSS 0.33% · 55.9th percentile
Risk Scores
EPSS Score
0.33%
55.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | kyverno | 0 |
| Bitnami | kyverno | 0 |
Exploit Intelligence
- https://github.com/kyverno/kyverno/security/advisories/GHSA-jrr2-x33p-6hvc (nist-nvd)
- CIRCL seen: CVE-2025-46342 (circl-sighting)
- CIRCL seen: CVE-2025-46342 (circl-sighting)
- CIRCL seen: CVE-2025-46342 (circl-sighting)
- CIRCL seen: CVE-2025-46342 (circl-sighting)
- https://github.com/kyverno/kyverno/commit/3ff923b7756e1681daf73849954bd88516589194 (circl)
Timeline
- Jan 21, 1970 Security Advisory
- Apr 29, 2025 CVE Published
- Apr 30, 2025 PoC Published
- Apr 30, 2025 PoC Published
- Apr 30, 2025 PoC Published
- Apr 30, 2025 PoC Published
- May 1, 2025 EPSS Score
- May 5, 2025 CVE Updated
- May 13, 2025 EPSS Score
- May 25, 2025 EPSS Score
- May 26, 2025 Coalition ESS Score
- Jun 6, 2025 EPSS Score