CVE-2025-9708
PUBLISHED
CVSS 6.8 MEDIUM
A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.
EPSS 0.02% · 5.5th percentile
Risk Scores
CVSS v3.1: 6.8
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score: 0.02% (5.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NuGet | KubernetesClient | 0 |
| Kubernetes | Kubernetes CSharp Client | 0, 17.0.14 |
Timeline
- Sep 16, 2025 PoC Published
- Sep 16, 2025 PoC Published
- Sep 16, 2025 PoC Published
- Sep 16, 2025 CVE Published
- Sep 17, 2025 EPSS Score
- Sep 17, 2025 PoC Published
- Sep 17, 2025 PoC Published
- Sep 17, 2025 PoC Published
- Sep 19, 2025 PoC Published
- Sep 23, 2025 PoC Published
- Sep 24, 2025 EPSS Score
- Oct 1, 2025 EPSS Score
References
- https://groups.google.com/g/kubernetes-security-announce/c/rLopt2Msvbw/m/rK6XeNw2CgAJ mailing-list
- https://github.com/kubernetes/kubernetes/issues/134063 issue
- http://www.openwall.com/lists/oss-security/2025/09/16/1 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-9708 advisory
- https://github.com/kubernetes-client/csharp package