CVE-2025-1767

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-1767

CGA ID

CGA-2v98-c4m7-xwv6

Severity

Unknown

Description

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.

References

https://images.chainguard.dev/security/CGA-2v98-c4m7-xwv6
https://github.com/advisories/GHSA-3wgm-2gw2-vh5m
https://github.com/kubernetes/kubernetes/pull/130786
https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s
http://www.openwall.com/lists/oss-security/2025/03/13/9
https://security-tracker.debian.org/tracker/CVE-2025-1767

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-1767

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources