CVE-2025-27403: Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
(updated )
In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry (ACR). The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure authentication providers may be impacted. Both Azure authentication providers attempt to exchange an Entra ID (EID) token for an ACR refresh token. However, Ratify’s Azure authentication providers did not verify that the target registry is an ACR. This could have led to the EID token being presented to a non-ACR registry during token exchange. EID tokens with ACR access can potentially be extracted and abused if a user workload contains an image reference to a malicious registry.
References
- github.com/advisories/GHSA-44f7-5fj5-h4px
- github.com/ratify-project/ratify
- github.com/ratify-project/ratify/commit/0ec0c08490e3d672ae64b1a220c90d5484f1c93f
- github.com/ratify-project/ratify/commit/84c7c48fa76bb9a1c9583635d1e90bc25b1a546c
- github.com/ratify-project/ratify/security/advisories/GHSA-44f7-5fj5-h4px
- nvd.nist.gov/vuln/detail/CVE-2025-27403
- pkg.go.dev/vuln/GO-2025-3511
Detect and mitigate CVE-2025-27403 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →