CVE-2021-25738 is a vulnerability in Kubernetes Java
Published on October 11, 2021

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.

NVD

Vulnerability Analysis

CVE-2021-25738 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2021-25738

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-25738 are published in Kubernetes Java:

Kubernetes Java

Affected Versions

Kubernetes Java Client:

Version v12.0.0 is affected.
Version unspecified, <= v11.0.1 is affected.
Version unspecified, <= v10.0.1 is affected.
Version unspecified, <= v9.0.2 is affected.

Exploit Probability

EPSS

0.12%

Percentile

31.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-25738 is a vulnerability in Kubernetes JavaPublished on October 11, 2021

Vulnerability Analysis

Weakness Type

Improper Input Validation

Products Associated with CVE-2021-25738

Affected Versions

Exploit Probability

CVE-2021-25738 is a vulnerability in Kubernetes Java
Published on October 11, 2021