CVE-2025-32963 – MinIO Operator STS Unauthenticated Kubernetes API Server Impersonation Vulnerability

April 22, 2025

CVE ID : CVE-2025-32963

Published : April 22, 2025, 6:16 p.m. | 31 minutes ago

Description : MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it. This issue has been patched in version 7.1.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32964 – ManageWiki Extension Privilege Escalation Vulnerability

Next Article CVE-2025-32961 – Cuba JPA Cross-Site Scripting (XSS)

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Xbox just made the best console version of Forza Horizon 5 yet — for the PS5 Pro

Intel Arc graphics driver brings support for The Elder Scrolls IV: Oblivion Remastered to desktop PCs and Core Ultra laptop GPUs

Frostpunk 1886 is a reimagining of the original game, and it’s coming in 2027

Overwatch 2 Stadium Mode — Best Juno Builds: Best items, powers, and gameplay tips

As an SEO beginner, how can I get traffic for the website I’ve created?

As an SEO beginner, how can I get traffic for the website I’ve created?

j-Box - Total.js UI component

Redwood is coming…

Xbox just made the best console version of Forza Horizon 5 yet — for the PS5 Pro

Xbox just made the best console version of Forza Horizon 5 yet — for the PS5 Pro

Intel Arc graphics driver brings support for The Elder Scrolls IV: Oblivion Remastered to desktop PCs and Core Ultra laptop GPUs

Frostpunk 1886 is a reimagining of the original game, and it’s coming in 2027

CVE-2025-32963 – MinIO Operator STS Unauthenticated Kubernetes API Server Impersonation Vulnerability

April 2025 Patch Tuesday: One Zero-Day and 11 Critical Vulnerabilities Among 121 CVEs

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely

You can now preorder ASUS’ ridiculously powerful 2-in-1 detachable gaming laptop

How to manage Bluesky, Mastodon, and Threads all from one free app

Agentforce World Tour 2024 Recap: Transforming Work and Customer Service with AI

The 15 Hottest New Typefaces of April 2024

Stumpy: A Powerful and Scalable Python Library for Modern Time Series Analysis

Employee Privacy Policy

Elden Ring DLC: Full interactive map of Shadow of the Erdtree

I tested the AI voice recorder that’s got the work industry buzzing – and it did not disappoint

CVE-2025-32963 – MinIO Operator STS Unauthenticated Kubernetes API Server Impersonation Vulnerability

Related Posts