CNNVD-202509-3965 Information

CNNVD ID

CNNVD-202509-3965

CVE-2025-59823

  • CNNVD Published: 2025-09-25

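Description (translated from Chinese)

Gardener Extension for AWS provider is an open-source extension controller from Gardener. Gardener Extension for AWS provider contains a code injection vulnerability, which stems from the possibility that a user with administrative privileges could gain control of the seed cluster through code injection.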

Description (English)

Gardener Extension for AWS provider is an open-source extension controller from Gardener. Gardener Extension for AWS provider has a code injection vulnerability, which arises from the possibility of allowing users with administrative privileges to gain control of the seed cluster through code injection.

Hazard Level

Medium

Vulnerability Type

Code injection

Affected Vendor

Gardener

Published

2025-09-25

Last Modified

2026-02-24

References

  • https://github.com/gardener/gardener-extension-provider-azure/releases/tag/v1.55.0
  • https://github.com/gardener/gardener-extension-provider-aws/security/advisories/GHSA-227x-7mh8-3cf6
  • https://github.com/gardener/gardener-extension-provider-aws/releases/tag/v1.64.0
  • https://github.com/gardener/gardener-extension-provider-gcp/releases/tag/v1.46.0
  • https://github.com/gardener/gardener-extension-provider-openstack/releases/tag/v1.49.0
  • https://access.redhat.com/security/cve/cve-2025-59823

Patch

https://github.com/gardener/gardener-extension-provider-aws/releases
