CVE-2025-68476Path Traversal in Keda

CWE-22Path TraversalCWE-863Incorrect Authorization7 documents6 sources
Severity
8.2HIGHNVD
EPSS
0.2%
top 63.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Kedacore KedaGithub.com Kedacore Keda V2Msrc Azl3 Keda 2.14.1-7 ON Azure Linux 3.0+1 more
Timeline
PublishedDec 22
Latest updateDec 30

Description

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account Token specified in spec.hashiCorpVault.credential.serviceAccount. An attacker with permissions to create or mo

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Packages4 packages

CVEListV5kedacore/keda< 2.17.3+1
Gogithub.com/kedacore_keda_v22.18.02.18.3+1

🔴Vulnerability Details

3
OSV
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda2025-12-30
OSV
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential2025-12-22
GHSA
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential2025-12-22

📋Vendor Advisories

2
Red Hat
github.com/kedacore/keda: KEDA: Arbitrary file read vulnerability in Vault authentication2025-12-22
Microsoft
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential2025-12-09

🕵️Threat Intelligence

1
Wiz
CVE-2025-68476 Impact, Exploitability, and Mitigation Steps | Wiz