CVE-2025-61688
- Source
- https://cve.org/CVERecord?id=CVE-2025-61688
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61688.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-61688
- Aliases
- Downstream
- Related
- Published
- 2025-10-13T20:46:54.907Z
- Modified
- 2026-04-10T05:33:33.157754Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- Omni leaks information via the API
- Details
-
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, Omni might leak sensitive information via an API.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-200" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61688.json" }- References
Affected packages
Git / github.com/siderolabs/omni
Affected ranges
Affected versions
client/v0.*
client/v0.48.0-beta.0
client/v0.51.0-beta.0
client/v0.51.0-beta.1
client/v1.*
client/v1.0.0
client/v1.0.1
client/v1.1.0
client/v1.1.2
v0.*
v0.33.0-beta.0
v0.34.0-beta.0
v0.35.0-beta.0
v0.36.0-beta.0
v0.37.0-beta.0
v0.38.0-beta.0
v0.39.0-beta.0
v0.40.0-beta.0
v0.41.0-beta.0
v0.42.0-beta.0
v0.43.0
v0.43.0-beta.0
v0.44.0-beta.0
v0.45.0-beta.0
v0.46.0-beta.0
v0.47.0-beta.0
v0.47.0-beta.1
v0.48.0-beta.0
v0.49.0-beta.0
v0.50.0-beta.0
v0.51.0-beta.0
v0.51.0-beta.1
v0.51.0-beta.2
v0.52.0-beta.0
v1.*
v1.0.0
v1.0.0-beta.0
v1.0.0-beta.1
v1.0.1
v1.1.0
v1.1.0-beta.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4