Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64304.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-64304
Upstream
Published
2025-06-23T16:15:27Z
Modified
2026-04-21T04:32:21.616705Z
Summary
CVE-2025-4563 affecting package kubernetes for versions less than 1.30.10-9
Details

A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation.

References

Affected packages

Azure Linux:3 / kubernetes

Package

Name
kubernetes
Purl
pkg:rpm/azure-linux/kubernetes

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.30.10-9

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64304.json"