Bug 2422109 (CVE-2025-13281) - CVE-2025-13281 kube-controller-manager: Portworx Half-Blind SSRF in kube-controller-manager
Summary: CVE-2025-13281 kube-controller-manager: Portworx Half-Blind SSRF in kube-cont...
Keywords:
Status: NEW
Alias: CVE-2025-13281
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Importance: medium medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2422304 2422305 2422306 2422307 2422308 2422313 2422314 2422315 2422309 2422310 2422311 2422312 2422316 2422317 2422318 2422319
Blocks:
Reported: 2025-12-14 22:01 UTC by OSIDB Bzimport
Modified: 2025-12-15 16:04 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-12-14 22:01:18 UTC
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
