VDB

CVE-2025-68476

CVE-2025-68476 PUBLISHED CVSS 8.2 HIGH

Reported by GitHub_M · Published December 22, 2025

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account Token specified in spec.hashiCorpVault.credential.serviceAccount. An attacker with permissions to create or modify a TriggerAuthentication resource can exfiltrate the content of any file from the node's filesystem (where the KEDA pod resides) by directing the file's content to a server under their control, as part of the Vault authentication request. The potential impact includes the exfiltration of sensitive system information, such as secrets, keys, or the content of files like /etc/passwd. This issue has been patched in versions 2.17.3 and 2.18.3.

Risk Scores

CVSS v4.0
8.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Products

VendorProductVersions
kedacorekeda< 2.17.3, >= 2.18.0, < 2.18.3
github.comkedacore/keda/v20, 2.18.0, 2.18.0
chainguardk8sgpt0, 0, 0
chainguardkserve0, 0, 0
wolfikserve0, 0, 0
kedacorekeda*, < 2.17.3, >= 2.18.0, < 2.18.3
wolfik8sgpt0, 0, 0

Timeline

  • Dec 22, 2025 CVE Published
  • Dec 23, 2025 CVE Updated
  • Dec 23, 2025 EPSS Score
  • Dec 27, 2025 EPSS Score
  • Dec 30, 2025 EPSS Score
  • Jan 3, 2026 EPSS Score
  • Jan 7, 2026 EPSS Score
  • Jan 10, 2026 EPSS Score
  • Jan 14, 2026 EPSS Score
  • Jan 18, 2026 EPSS Score
  • Jan 22, 2026 EPSS Score
  • Jan 25, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›