Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2025-47283

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. gardener/gardener (gardenlet) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.

Published: May 19, 2025
Updated: Nov 24, 2025
CVE: CVE-2025-47283
GHSA: GHSA-3hw7-qj9h-r835
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWEs:

Affected Software
References

Software	From	Fixed in
github.com/gardener/gardener	-	1.116.4
github.com/gardener/gardener	1.117.0	1.117.5
github.com/gardener/gardener	1.118.0	1.118.2
gardener / gardener	-	1.116.4
gardener / gardener	1.117.0	1.117.5
gardener / gardener	1.118.0	1.118.2

https://github.com/gardener/gardener/security/advisories/GHSA-3hw7-qj9h-r835

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo