CVE-2025-32963 – MinIO Operator STS Unauthenticated Kubernetes API Server Impersonation Vulnerability

April 22, 2025

CVE ID : CVE-2025-32963

Published : April 22, 2025, 6:16 p.m. | 31 minutes ago

Description : MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it. This issue has been patched in version 7.1.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32964 – ManageWiki Extension Privilege Escalation Vulnerability

Next Article CVE-2025-32961 – Cuba JPA Cross-Site Scripting (XSS)

Highlights

CVE-2025-54126 – WAMR iwasm IPv4 Address Pool Vulnerability (Remote Access Bypass)

July 29, 2025

CVE ID : CVE-2025-54126

Published : July 29, 2025, 10:15 p.m. | 1 hour, 12 minutes ago

Description : The WebAssembly Micro Runtime’s (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. In versions 2.4.0 and below, iwasm uses –addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to accept all IP addresses. This can unintentionally expose the service to all incoming connections and bypass intended access restrictions. Services relying on –addr-pool for restricting access by IP may unintentionally become open to all external connections. This may lead to unauthorized access in production deployments, especially when users assume that specifying an IP without a subnet mask implies a default secure configuration. This is fixed in version 2.4.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

Is Lenovo’s refreshed LOQ tower enough to compete? New OLED monitors raise the stakes at IFA 2025

External Forces Reshaping Financial Services in 2025 and Beyond

External Forces Reshaping Financial Services in 2025 and Beyond

Why It’s Time to Move from SharePoint On-Premises to SharePoint Online

Apple’s Big Move: The Future of Mobile

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

CVE-2025-32963 – MinIO Operator STS Unauthenticated Kubernetes API Server Impersonation Vulnerability

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

CVE-2025-28121 – Code-Projects Online Exam Mastering System XSS Vulnerability

“Any third-party websites selling Esquie plushies are NOT officially licensed. Many of them are using AI-generated artwork” Clair Obscur: Expedition 33 developers call out fakes and confirm its own official merchandise in the works

Australia’s Qantas Confirms Cyberattack: 6 Million Service Records Compromised

Autoapply: Best Autoapply Job Tools for LinkedIn in 2025

CVE-2025-54126 – WAMR iwasm IPv4 Address Pool Vulnerability (Remote Access Bypass)

TeleMessage, the Signal clone used by US government officials, suffers hack

Learn how to build security into AI

CVE-2025-21204: SYSTEM-Level Privilege Escalation in Windows Update Stack Exposed, PoC Released

CVE-2025-32963 – MinIO Operator STS Unauthenticated Kubernetes API Server Impersonation Vulnerability

Related Posts