{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64171", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-10-28T21:07:16.439Z", "datePublished": "2025-11-06T00:23:48.695Z", "dateUpdated": "2025-11-06T21:17:02.114Z"}, "containers": {"cna": {"title": "MARIN3R: Cross-Namespace Vulnerability in the Operator", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/3scale-sre/marin3r/security/advisories/GHSA-gf93-xccm-5g6j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/3scale-sre/marin3r/security/advisories/GHSA-gf93-xccm-5g6j"}, {"name": "https://github.com/3scale-sre/marin3r/commit/859b14115fde1d67620e645cd1b62e90e30d9981", "tags": ["x_refsource_MISC"], "url": "https://github.com/3scale-sre/marin3r/commit/859b14115fde1d67620e645cd1b62e90e30d9981"}], "affected": [{"vendor": "3scale-sre", "product": "marin3r", "versions": [{"version": "< 0.13.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-06T00:23:48.695Z"}, "descriptions": [{"lang": "en", "value": "MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is fixed in version 0.13.4."}], "source": {"advisory": "GHSA-gf93-xccm-5g6j", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-06T21:16:51.813049Z", "id": "CVE-2025-64171", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-06T21:17:02.114Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64171", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-06T21:16:51.813049Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-06T21:16:58.262Z"}}], "cna": {"title": "MARIN3R: Cross-Namespace Vulnerability in the Operator", "source": {"advisory": "GHSA-gf93-xccm-5g6j", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "3scale-sre", "product": "marin3r", "versions": [{"status": "affected", "version": "< 0.13.4"}]}], "references": [{"url": "https://github.com/3scale-sre/marin3r/security/advisories/GHSA-gf93-xccm-5g6j", "name": "https://github.com/3scale-sre/marin3r/security/advisories/GHSA-gf93-xccm-5g6j", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/3scale-sre/marin3r/commit/859b14115fde1d67620e645cd1b62e90e30d9981", "name": "https://github.com/3scale-sre/marin3r/commit/859b14115fde1d67620e645cd1b62e90e30d9981", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is fixed in version 0.13.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-06T00:23:48.695Z"}}}, "cveMetadata": {"cveId": "CVE-2025-64171", "state": "PUBLISHED", "dateUpdated": "2025-11-06T21:17:02.114Z", "dateReserved": "2025-10-28T21:07:16.439Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-11-06T00:23:48.695Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is fixed in version 0.13.4."}], "id": "CVE-2025-64171", "lastModified": "2025-11-06T19:45:09.883", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-11-06T01:15:38.493", "references": [{"source": "[email protected]", "url": "https://github.com/3scale-sre/marin3r/commit/859b14115fde1d67620e645cd1b62e90e30d9981"}, {"source": "[email protected]", "url": "https://github.com/3scale-sre/marin3r/security/advisories/GHSA-gf93-xccm-5g6j"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "marin3r: MARIN3R: Cross-Namespace Vulnerability in the Operator", "id": "2412992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412992"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-862", "details": ["A cross-namespace authorization flaw has been identified in the MARIN3R operator\u2019s DiscoveryServiceCertificate resource. The flaw occurs because the operator mistakenly treats certain inputs as valid, bypassing Kubernetes Role-Based Access Control (RBAC). When a user has permission to create DiscoveryServiceCertificate objects in one Kubernetes namespace, they could exploit the vulnerability to indirectly read Secret objects in other namespaces that they should not have access to."], "mitigation": {"lang": "en:us", "value": "As an interim workaround, restrict permissions so that only trusted cluster administrators can create DiscoveryServiceCertificate resources until the update is applied"}, "name": "CVE-2025-64171", "public_date": "2025-11-06T00:23:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-64171\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-64171\nhttps://github.com/3scale-sre/marin3r/commit/859b14115fde1d67620e645cd1b62e90e30d9981\nhttps://github.com/3scale-sre/marin3r/security/advisories/GHSA-gf93-xccm-5g6j"], "statement": "The severity is considered Moderate, because exploitation can be done over the network via the K8s API (AV:N), no unusual conditions are required for the attack (AC:L), however, the attacker must already hold permissions to create DiscoveryServiceCertificate objects in some namespace, without requiring elevated privileges beyond what the user already has for creating DiscoveryServiceCertificate objects. It enables unauthorized disclosure of sensitive secrets across namespace boundaries (only confidentiality impact), without affecting integrity or availability.", "threat_severity": "Moderate"}