CNNVD-202510-1654 Information

CNNVD ID

CNNVD-202510-1654

CVE-2025-59836

  • CNNVD Published: 2025-10-13

Description (Chinese)

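Omni is an open-source Kubernetes deployment tool from Sidero Labs, Inc. Omni versions before 1.1.5 and before 1.0.2 contain a security vulnerability: the isSensitiveSpec function does not check whether the resource's metadata field is empty, which can lead to a null pointer dereference and denial of service.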

Description (English)

Omni is a Kubernetes deployment tool open-sourced by Sidero Labs, Inc. Omni versions prior to 1.1.5 and prior to 1.0.2 contain a security vulnerability that stems from the isSensitiveSpec function not checking whether the metadata field of a resource is empty, which may lead to a null pointer dereference and denial of service.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Sidero Labs, Inc.

Published

2025-10-13

Last Modified

2026-02-24

References

  • https://github.com/siderolabs/omni/commit/1fd954af64985a8b3dbf5b11deddbf7cd953f5ae
  • https://github.com/siderolabs/omni/commit/1396083f766a1b0380e9949968d7fc17b7afecaa
  • https://github.com/siderolabs/omni/security/advisories/GHSA-4p3p-cr38-v5xp
  • https://access.redhat.com/security/cve/cve-2025-59836

Patch

https://github.com/siderolabs/omni/releases
