CVE-2025-47283: Gardener allows bypassing project secret validation which can lead to privilege escalation
A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed.
References
- github.com/advisories/GHSA-3hw7-qj9h-r835
- github.com/gardener/gardener
- github.com/gardener/gardener/commit/924b1575aae052bcda5a51fac8594d38fa3c41b0
- github.com/gardener/gardener/commit/b89cf2cd5067e82f364063d5241af73650a6e11d
- github.com/gardener/gardener/commit/bbd19b1dd3a31843d7b820172d37f75298dfaf8b
- github.com/gardener/gardener/commit/cf4e9887d83902216b85609caf563f7a9dd2de00
- github.com/gardener/gardener/security/advisories/GHSA-3hw7-qj9h-r835
- nvd.nist.gov/vuln/detail/CVE-2025-47283