CVE-2025-13281

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-13281

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13281.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-13281

Aliases

Downstream

DEBIAN-CVE-2025-13281

MINI-27hm-q2wf-7mr4

MINI-293q-ch4v-jpwg

MINI-2c3h-pr47-j69x

MINI-2pgx-ffvm-g22q

MINI-3wr8-ch72-2c25

MINI-525p-529r-rr42

MINI-62w8-cxqf-gxw9

MINI-734r-rpvv-wmrm

MINI-7hf9-9m7w-r63x

MINI-7rhv-j3ph-2qmr

MINI-9p23-p575-hcjm

MINI-c7wq-3r7x-853x

MINI-cg9r-38q4-cv4q

MINI-cqg6-934h-x5vr

MINI-crx7-pg4h-jf7p

MINI-cwh4-wr4f-6ff4

MINI-fg87-xrwp-3p56

MINI-fr33-f4p5-7fw5

MINI-g2ff-wj7q-f2v2

MINI-gxq6-66v7-jq89

MINI-hvg3-r653-mp95

MINI-jr5p-8c3j-3858

MINI-p2v3-m8h5-x92h

MINI-p8m5-h44g-9j23

MINI-qrvq-pw3v-mpg7

MINI-v2wg-j5hm-9h2v

MINI-vrgm-r27q-pf5f

MINI-xmcf-6v26-ggjv

OESA-2025-2815

OESA-2025-2816

OESA-2025-2817

OESA-2025-2818

OESA-2025-2819

SUSE-SU-2026:0037-1

Related

Published

2025-12-14T22:15:36.450Z

Modified

2026-03-23T05:07:06.312063692Z

Severity

5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13281.json"