VDB
DEBIAN-CVE-2025-5187
DEBIAN-CVE-2025-5187
PUBLISHED
CVSS 6.699999809265137 MEDIUM
A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection.
Risk Scores
CVSS v3.1
6.699999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | kubernetes | 0, 0 |
| Debian:12 | kubernetes | 0, 0 |
| Debian:11 | kubernetes | 0, 0 |
| Debian:14 | kubernetes | 0, 0 |
Timeline
- Aug 27, 2025 CVE Published
- Apr 28, 2026 CVE Updated