CVE-2025-47283

CVSS v3 9.9 CRITICAL

9.9^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

ardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. `gardener/gardener` (`gardenlet`) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.

References

Link	Resource
https://github.com/gardener/gardener/commit/924b1575aae052bcda5a51fac8594d38fa3c41b0
https://github.com/gardener/gardener/commit/b89cf2cd5067e82f364063d5241af73650a6e11d
https://github.com/gardener/gardener/commit/bbd19b1dd3a31843d7b820172d37f75298dfaf8b
https://github.com/gardener/gardener/commit/cf4e9887d83902216b85609caf563f7a9dd2de00
https://github.com/gardener/gardener/security/advisories/GHSA-3hw7-qj9h-r835	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gardener:gardener::::::::
	cpe:2.3:a:gardener:gardener::::::::
	cpe:2.3:a:gardener:gardener::::::::

History

06 Feb 2026, 19:16

Type	Values Removed	Values Added
References		() https://github.com/gardener/gardener/commit/924b1575aae052bcda5a51fac8594d38fa3c41b0 - () https://github.com/gardener/gardener/commit/b89cf2cd5067e82f364063d5241af73650a6e11d - () https://github.com/gardener/gardener/commit/bbd19b1dd3a31843d7b820172d37f75298dfaf8b - () https://github.com/gardener/gardener/commit/cf4e9887d83902216b85609caf563f7a9dd2de00 -

04 Sep 2025, 18:37

Type	Values Removed	Values Added
CPE		cpe:2.3:a:gardener:gardener::::::::
First Time		Gardener gardener Gardener
References	~~() https://github.com/gardener/gardener/security/advisories/GHSA-3hw7-qj9h-r835 -~~	() https://github.com/gardener/gardener/security/advisories/GHSA-3hw7-qj9h-r835 - Third Party Advisory

21 May 2025, 20:25

Type	Values Removed	Values Added
Summary		(es) Gardener implementa la gestión y operación automatizadas de clústeres de Kubernetes como servicio. Se descubrió una vulnerabilidad de seguridad en Gardener anterior a las versiones 1.116.4, 1.117.5, 1.118.2 y 1.119.0 que podría permitir que un usuario con privilegios administrativos en un proyecto de Gardener controle los clústeres de semilla donde se administran sus clústeres de brote. Esta CVE afecta a todas las instalaciones de Gardener, independientemente del proveedor de nube pública utilizado para los clústeres de semilla/brote. El componente afectado es `gardener/gardener` (`gardenlet`). Las versiones 1.116.4, 1.117.5, 1.118.2 y 1.119.0 solucionan el problema.

19 May 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-19 19:15

Updated : 2026-02-06 19:16

NVD link : CVE-2025-47283

Mitre link : CVE-2025-47283

CVE.ORG link : CVE-2025-47283

JSON object : View

Products Affected

gardener

gardener

CWE

CWE-20

Improper Input Validation

9.9 /10