logo

Database

Insecure digital certificates In kubernetesclient

Description

Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-97082. NVD-2025-97083. OSV-2025-97084. GCVE-2025-9708

References

1. https://github.com/kubernetes/kubernetes/issues/1340632. https://groups.google.com/g/kubernetes-security-announce/c/rLopt2Msvbw/m/rK6XeNw2CgAJ3. http://www.openwall.com/lists/oss-security/2025/09/16/1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-LD4L3 – Vulnerability | Fluid Attacks Database