Advisory Database
  • Advisories
  • Dependency Scanning
  1. nuget
  2. ›
  3. KubernetesClient
  4. ›
  5. CVE-2025-9708

CVE-2025-9708: Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain

September 17, 2025

A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.

References

  • github.com/advisories/GHSA-w7r3-mgwf-4mqq
  • github.com/kubernetes-client/csharp
  • github.com/kubernetes/kubernetes/issues/134063
  • groups.google.com/g/kubernetes-security-announce/c/rLopt2Msvbw/m/rK6XeNw2CgAJ
  • nvd.nist.gov/vuln/detail/CVE-2025-9708

Code Behaviors & Features

Detect and mitigate CVE-2025-9708 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 17.0.14

Fixed versions

  • 17.0.14

Solution

Upgrade to version 17.0.14 or above.

Impact 6.8 MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Learn more about CVSS

Weakness

  • CWE-295: Improper Certificate Validation

Source file

nuget/KubernetesClient/CVE-2025-9708.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Thu, 18 Sep 2025 12:19:23 +0000.