CVE-2025-0426: Uncontrolled Resource Consumption in Kubernetes

Severity: 6.2 MEDIUM (NVD)
EPSS: 0.0% (top 88.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 13
Latest update: Mar 3

Description

A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.5 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5 | kubernetes/kubelet | 1.32.0 | 1.32.1 | +2
Go | k8s.io/kubernetes | 1.32.0 | 1.32.2 | +3
Debian | kubernetes/kubernetes | < 1.20.5+really1.20.2-1 | +3

🔴 Vulnerability Details (5)

OSV: Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes (2025-03-03)
GHSA: Node Denial of Service via kubelet Checkpoint API (2025-02-13)
CVEList: CVE-2025-0426: A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP (2025-02-13)
OSV: CVE-2025-0426: A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP (2025-02-13)
OSV: Node Denial of Service via kubelet Checkpoint API (2025-02-13)

📋 Vendor Advisories (3)

Red Hat: k8s.io/kubernetes: kubelet: node denial of service via kubelet checkpoint API (2025-02-13)
Microsoft: A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by fi (2025-02-11)
Debian: CVE-2025-0426: kubernetes - A security issue was discovered in Kubernetes where a large number of container ... (2025)
CVE-2025-0426 — Uncontrolled Resource Consumption | cvebase