CVE-2025-64171: MARIN3R: Cross-Namespace Vulnerability in the Operator
(updated )
Cross-namespace Secret access vulnerability in DiscoveryServiceCertificate allows users to bypass RBAC and access Secrets in unauthorized namespaces.
References
- github.com/3scale-sre/marin3r
- github.com/3scale-sre/marin3r/commit/859b14115fde1d67620e645cd1b62e90e30d9981
- github.com/3scale-sre/marin3r/commit/c60246a43ae8c0c38dd7267f298d68a121a159fa
- github.com/3scale-sre/marin3r/pull/294
- github.com/3scale-sre/marin3r/security/advisories/GHSA-gf93-xccm-5g6j
- github.com/advisories/GHSA-gf93-xccm-5g6j
- nvd.nist.gov/vuln/detail/CVE-2025-64171
Code Behaviors & Features
Detect and mitigate CVE-2025-64171 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →