CVE-2025-59823

Impact

A security vulnerability was discovered in Gardener when Terraformer is used for infrastructure provisioning. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed.

This CVE affects all Gardener installations where Terraformer is used, or can be enabled, for infrastructure provisioning with any of the affected components listed below.

Affected Components

  • gardener-extension-provider-gcp
  • gardener-extension-provider-azure
  • gardener-extension-provider-openstack
  • gardener-extension-provider-aws

Affected Versions

  • gardener-extension-provider-gcp < v1.46.0
  • gardener-extension-provider-azure < v1.55.0
  • gardener-extension-provider-openstack < v1.49.0
  • gardener-extension-provider-aws < v1.64.0

Fixed Versions

  • gardener-extension-provider-gcp >= v1.46.0
  • gardener-extension-provider-azure >= v1.55.0
  • gardener-extension-provider-openstack >= v1.49.0
  • gardener-extension-provider-aws >= v1.64.0

How do I mitigate this vulnerability?

Update to a fixed version.
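
To confirm that an update is complete, the deployed provider extension versions can be compared against the fixed versions listed above. The following is an added example, not code from the advisory or from the Gardener project. The inventory is constructed sample data, `some-other-extension` is a hypothetical name, and collecting the real component/version pairs from a landscape is left to the operator. Counting a pre-release build of a fixed version as affected is an assumption based on SemVer ordering.

```python
import re

# Fixed versions as listed in the advisory above.
FIXED = {
    "gardener-extension-provider-gcp": (1, 46, 0),
    "gardener-extension-provider-azure": (1, 55, 0),
    "gardener-extension-provider-openstack": (1, 49, 0),
    "gardener-extension-provider-aws": (1, 64, 0),
}
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$")

def parse_version(text):
    """Return ((major, minor, patch), is_release), or None if not a version."""
    m = _VERSION.match(text.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4) is None

def status(component, version):
    """Classify a deployed component: fixed, affected, unknown or not-listed."""
    fixed = FIXED.get(component)
    if fixed is None:
        return "not-listed"          # component is not named in the advisory
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"             # e.g. 'latest' or a digest: check by hand
    core, is_release = parsed
    if core > fixed:
        return "fixed"
    if core == fixed:
        # Assumption: v1.64.0-dev sorts before v1.64.0, so it counts as affected.
        return "fixed" if is_release else "affected"
    return "affected"

def audit(inventory):
    """Map each (component, version) pair to its status."""
    return {name: status(name, version) for name, version in inventory}

# Constructed inventory, for illustration only.
SAMPLE = [
    ("gardener-extension-provider-aws", "v1.63.2"),
    ("gardener-extension-provider-gcp", "v1.46.0"),
    ("gardener-extension-provider-azure", "v1.55.0-dev"),
    ("gardener-extension-provider-openstack", "latest"),
    ("some-other-extension", "v1.50.0"),  # hypothetical name
]

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(f"{result:10} {name}")
```

Any entry reported as `affected` or `unknown` needs follow-up before the landscape can be considered updated.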

CVSS v3:

  • Severity: Unknown
  • Score:
  • Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H