QwikSec

Security Database

CVE

CWE

Training

CVE-2025-47283

Published: May 19, 2025

Modified: Feb 6, 2026

PUBLISHED

CVSS v3.0

9.9

CRITICAL

Description

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. `gardener/gardener` (`gardenlet`) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.

Vendor	Product	Versions
gardener	gardener	affected `< 1.116.4` affected `>= 1.117.0, < 1.117.5` affected `>= 1.118.0, < 1.118.2`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/gardener/gardener/security/advisories/GHSA-3hw7-qj9h-r835

x_refsource_CONFIRM

https://github.com/gardener/gardener/commit/924b1575aae052bcda5a51fac8594d38fa3c41b0

x_refsource_MISC

https://github.com/gardener/gardener/commit/b89cf2cd5067e82f364063d5241af73650a6e11d

x_refsource_MISC

https://github.com/gardener/gardener/commit/bbd19b1dd3a31843d7b820172d37f75298dfaf8b

x_refsource_MISC

https://github.com/gardener/gardener/commit/cf4e9887d83902216b85609caf563f7a9dd2de00

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.