Medium severity6.2NVD Advisory· Published Feb 13, 2025· Updated Apr 15, 2026

CVE-2025-0426

Description

A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
k8s.io/kubernetesGo	>= 1.32.0, < 1.32.2	1.32.2
k8s.io/kubernetesGo	>= 1.31.0, < 1.31.6	1.31.6
k8s.io/kubernetesGo	>= 1.30.0, < 1.30.10	1.30.10
k8s.io/kubernetesGo	< 1.29.14	1.29.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-jgfp-53c3-624wghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-0426ghsaADVISORY
www.openwall.com/lists/oss-security/2025/02/13/1nvdWEB
github.com/kubernetes/kubernetes/issues/130016nvdWEB
groups.google.com/g/kubernetes-security-announce/c/KiODfu8i6w8nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.403
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000