CVE-2025-68476 · HIGH · CVSS 8.2 · fixed in 2.17.3 · v>= 2.18.0, < 2.18.3 · 2025-12-22
CVE-2025-68476 [HIGH] CWE-22
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validatio
nvd