CVE-2025-9708

A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.

Published: Sep 17, 2025
Updated: Sep 18, 2025
CVE: CVE-2025-9708
GHSA: GHSA-w7r3-mgwf-4mqq
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
KubernetesClient	-	17.0.14

https://github.com/kubernetes/kubernetes/issues/134063
https://groups.google.com/g/kubernetes-security-announce/c/rLopt2Msvbw/m/rK6XeNw2CgAJ

Vulnerability Database

CVE-2025-9708

Deep Security Visibility Without the Complexity