HAProxy K8s Ingress Controller <3.1.13 config-snippets YML Injection
CVE-2025-59303 Published on October 8, 2025
HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress Controller are 3.0.16-ee1, 1.11.13-ee1, and 1.9.15-ee1.
Weakness Type
Incomplete Filtering of Special Elements
The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
Products Associated with CVE-2025-59303
Want to know whenever a new CVE is published for HAProxy? stack.watch will email you.
Affected Versions
HAProxy Kubernetes Ingress Controller:- Before 3.1.13 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.