CVE-2025-55205

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource selectors. This vulnerability enables privilege escalation and violates the fundamental security boundaries that Capsule is designed to enforce. This vulnerability is fixed in 0.10.4.

Published: Aug 18, 2025
Updated: Aug 20, 2025
CVE: CVE-2025-55205
GHSA: GHSA-fcpm-6mxq-m5vv
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
github.com/projectcapsule/capsule	-	0.10.4

https://github.com/projectcapsule/capsule/commit/e1f47feade6e1695b2204407607d07c3b3994f6e
https://github.com/projectcapsule/capsule/security/advisories/GHSA-fcpm-6mxq-m5vv
https://pkg.go.dev/vuln/GO-2025-3893

Vulnerability Database

CVE-2025-55205

Deep Security Visibility Without the Complexity