Upstream information

CVE-2025-46599 at MITRE

Description

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing credentials.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v3 Scores
  CNA (MITRE)
Base Score 6.8
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Changed
Confidentiality Impact High
Integrity Impact None
Availability Impact None
CVSSv3 Version 3.1
No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • govulncheck-vulndb >= 0.0.20250506T153719-1.1
Patchnames:
openSUSE-Tumbleweed-2025-15059


SUSE Timeline for this CVE

CVE page created: Fri Apr 25 08:00:04 2025
CVE page last modified: Thu Aug 7 01:35:48 2025