CVE-2025-46599 – K3s Kubernetes Kubelet ReadWritePort Remote Authentication Bypass

April 25, 2025

CVE ID : CVE-2025-46599

Published : April 25, 2025, 5:15 a.m. | 2 hours, 15 minutes ago

Description : CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing credentials.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-3775 – ShopLentor WooCommerce Builder SSRF Vulnerability

How To Prevent WordPress SQL Injection Attacks

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Databricks adds new tools like Lakebase, Lakeflow Designer, and Agent Bricks to better support building AI apps and agents in the enterprise

Zencoder launches end-to-end UI testing agent

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

OpenAI shifts to Google for cloud computing support as Microsoft partnership falters, despite Sam Altman’s “compute-sufficient” claim

Clair Obscur: Expedition 33 now lets you rematch the game’s most brutal boss

The Alters PC review: I’m rethinking my own life paths after falling in love with a sci-fi game

SVAR Svelte Filter: Visual Query Builder for Data-Driven Apps

SVAR Svelte Filter: Visual Query Builder for Data-Driven Apps

Developing a Serverless Blogging Platform with AWS Lambda and Python

YAML files in DBT

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

OpenAI shifts to Google for cloud computing support as Microsoft partnership falters, despite Sam Altman’s “compute-sufficient” claim

Clair Obscur: Expedition 33 now lets you rematch the game’s most brutal boss

CVE-2025-46599 – K3s Kubernetes Kubelet ReadWritePort Remote Authentication Bypass

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

Graphite spyware used in Apple iOS zero-click attacks on journalists

CVE-2025-5785 – Totolink X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-4464 – iSourcecode Gym Management System SQL Injection Vulnerability

CVE-2025-45861 – TOTOLINK A3002R Buffer Overflow Vulnerability

OpenAI shut down the Ghibli craze – now users are turning to open source

A glimpse of the next generation of AlphaFold

CVE-2023-34732 – Flytxt NEON-dX Password Brute Force Vulnerability

Who needs a console when you can play Quake 2 with AI instead

Copilot will generate personalized podcasts for users

CVE-2025-46599 – K3s Kubernetes Kubelet ReadWritePort Remote Authentication Bypass

Related Posts