Vulnerability Database

296,108

Total vulnerabilities in the database

CVE-2025-5187

A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection.

CVSS v3:

  • Severity: Unknown
  • Score:
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CWEs:

Software From Fixed in
Go icon k8s.io/kubernetes - 1.31.12
Go icon k8s.io/kubernetes 1.32.0-alpha.0 1.32.8
Go icon k8s.io/kubernetes 1.33.0-alpha.0 1.33.4