CVE-2025-47284 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-47284 PUBLISHED CVSS 9.899999618530273 CRITICAL

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations where gardener/gardener-extension-provider-gcp is in use. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.

EPSS 0.26% · 48.8th percentile

Risk Scores

CVSS v3.0

9.899999618530273

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.26%

48.8th percentile

Affected Products

Vendor	Product	Versions
github.com	gardener/gardener	0, 1.117.0, 1.118.0
gardener	gardener	< 1.116.4, >= 1.117.0, < 1.117.5, >= 1.118.0, < 1.118.2

Timeline

Jan 21, 1970 Security Advisory
May 19, 2025 CVE Published
May 20, 2025 EPSS Score
May 31, 2025 EPSS Score
May 31, 2025 Coalition ESS Score
Jun 10, 2025 EPSS Score
Jun 15, 2025 Coalition ESS Score
Jun 21, 2025 EPSS Score
Jul 2, 2025 EPSS Score
Jul 12, 2025 EPSS Score
Jul 23, 2025 EPSS Score
Aug 3, 2025 EPSS Score

References

Open in Interactive Console →