VDB

CVE-2025-47283

CVE-2025-47283 PUBLISHED CVSS 9.899999618530273 CRITICAL

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. `gardener/gardener` (`gardenlet`) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.

EPSS 0.13% · 31.9th percentile

Risk Scores

CVSS 3.0
9.899999618530273
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.13%
31.9th percentile

Affected Products

VendorProductVersions
gardenergardener*, 1.118.0, >= 1.117.0, < 1.117.5
github.comgardener/gardener1.118.0, 0, 1.117.0

Exploit Intelligence

Timeline

  • Jan 21, 1970 Security Advisory
  • May 19, 2025 CVE Published
  • May 20, 2025 EPSS Score
  • May 20, 2025 PoC Published
  • May 31, 2025 EPSS Score
  • Jun 11, 2025 EPSS Score
  • Jun 15, 2025 Coalition ESS Score
  • Jun 23, 2025 EPSS Score
  • Jul 4, 2025 EPSS Score
  • Jul 15, 2025 EPSS Score
  • Jul 26, 2025 EPSS Score
  • Aug 6, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›