VDB
GO-2025-3885
GO-2025-3885
PUBLISHED
External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access in github.com/external-secrets/external-secrets
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | external-secrets/external-secrets | 0.15.0, 0.15.0 |
Timeline
- Aug 18, 2025 CVE Published
- Aug 18, 2025 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/external-secrets/external-secrets/security/advisories/GHSA-fcxq-v2r3-cc8h advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-55196 advisory
- https://github.com/external-secrets/external-secrets/commit/39cdba5863533007b582dc63dd300839326b2f1d patch
- https://github.com/external-secrets/external-secrets/commit/de40e8f4fa9559c1d770bb674589b285da5ef2d1 patch
- https://github.com/external-secrets/external-secrets/pull/5109 patch
- https://github.com/external-secrets/external-secrets/pull/5133 patch