CVE-2025-47284
PUBLISHED
CVSS 9.9 CRITICAL
Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations where gardener/gardener-extension-provider-gcp is in use. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.
EPSS 0.26% · 49.3th percentile
Risk Scores
CVSS 3.0
9.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.26%
49.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | gardener/gardener | 0, 1.117.0, 1.118.0 |
| gardener | gardener | >= 1.117.0, < 1.117.5, >= 1.118.0, < 1.118.2, 0 |
Timeline
- Jan 21, 1970 Security Advisory
- May 19, 2025 CVE Published
- May 20, 2025 EPSS Score
- May 31, 2025 EPSS Score
- May 31, 2025 Coalition ESS Score
- Jun 11, 2025 EPSS Score
- Jun 15, 2025 Coalition ESS Score
- Jun 23, 2025 EPSS Score
- Jul 4, 2025 EPSS Score
- Jul 15, 2025 EPSS Score
- Jul 26, 2025 EPSS Score
- Aug 6, 2025 EPSS Score