CVE-2025-47282: Gardener External DNS Management allows malicious google credential in DNS secret to lead to privilege escalation

May 19, 2025

A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed.

References

github.com/advisories/GHSA-xwgg-m7fx-83wx
github.com/gardener/external-dns-management
github.com/gardener/external-dns-management/security/advisories/GHSA-xwgg-m7fx-83wx
nvd.nist.gov/vuln/detail/CVE-2025-47282

Code Behaviors & Features

Detect and mitigate CVE-2025-47282 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →