VDB
CVE-2025-55196
CVE-2025-55196
PUBLISHED
CVSS 7.099999904632568 HIGH
External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access
EPSS 0.11% · 28.7th percentile
Risk Scores
CVSS 4.0
7.099999904632568
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.11%
28.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | external-secrets/external-secrets | 0.15.0 |
| external-secrets | external-secrets | >= 0.15.0, < 0.19.2 |
Exploit Intelligence
- https://github.com/external-secrets/external-secrets/security/advisories/GHSA-fcxq-v2r3-cc8h (circl)
- https://github.com/external-secrets/external-secrets/pull/5109 (circl)
- https://github.com/external-secrets/external-secrets/pull/5133 (circl)
- https://github.com/external-secrets/external-secrets/commit/39cdba5863533007b582dc63dd300839326b2f1d (circl)
- https://github.com/external-secrets/external-secrets/commit/de40e8f4fa9559c1d770bb674589b285da5ef2d1 (circl)
Timeline
- Jan 21, 1970 Security Advisory
- Aug 13, 2025 CVE Published
- Aug 14, 2025 EPSS Score
- Aug 14, 2025 Coalition ESS Score
- Aug 14, 2025 Coalition ESS Score
- Aug 22, 2025 EPSS Score
- Aug 26, 2025 Coalition ESS Score
- Aug 30, 2025 EPSS Score
- Sep 8, 2025 EPSS Score
- Sep 16, 2025 EPSS Score
- Sep 24, 2025 EPSS Score
- Oct 2, 2025 EPSS Score
References
- https://github.com/external-secrets/external-secrets/security/advisories/GHSA-fcxq-v2r3-cc8h url
- https://github.com/external-secrets/external-secrets/pull/5109 url
- https://github.com/external-secrets/external-secrets/pull/5133 url
- https://github.com/external-secrets/external-secrets/commit/39cdba5863533007b582dc63dd300839326b2f1d url
- https://github.com/external-secrets/external-secrets/commit/de40e8f4fa9559c1d770bb674589b285da5ef2d1 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-55196 advisory
- https://github.com/external-secrets/external-secrets package