CVE-2025-68476HIGH≥ 2.18.0, < 2.18.3·≥ 0, < 2.17.32025-12-22
CVE-2025-68476 [HIGH] CWE-22 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
### Impact
An Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication.
The vulnerability stems from an incorrect or insufficient p
ghsaosv