CVE-2025-32963 – MinIO Operator STS Unauthenticated Kubernetes API Server Impersonation Vulnerability

April 22, 2025

CVE ID : CVE-2025-32963

Published : April 22, 2025, 6:16 p.m. | 31 minutes ago

Description : MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it. This issue has been patched in version 7.1.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32964 – ManageWiki Extension Privilege Escalation Vulnerability

Next Article CVE-2025-32961 – Cuba JPA Cross-Site Scripting (XSS)

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

Is Lenovo’s refreshed LOQ tower enough to compete? New OLED monitors raise the stakes at IFA 2025

External Forces Reshaping Financial Services in 2025 and Beyond

External Forces Reshaping Financial Services in 2025 and Beyond

Why It’s Time to Move from SharePoint On-Premises to SharePoint Online

Apple’s Big Move: The Future of Mobile

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

CVE-2025-32963 – MinIO Operator STS Unauthenticated Kubernetes API Server Impersonation Vulnerability

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

A massive discount turns this vanilla laptop into an affordable AI PC sundae — save $370 on HP’s 2-in-1 Copilot+ PC

CVE-2025-20310 – Cisco Enterprise Chat and Email (ECE) Stored Cross-Site Scripting Vulnerability

CVE-2025-1533 – ASUS Armoury Crate App Stack Buffer Overflow

This Marshall Bluetooth speaker I tested sounds better than audio systems twice the price

Debian 13: Novità nell’Installer con Supporto per il Recupero dei Sistemi Btrfs

CVE-2022-45120 – Apache Struts Cross-Site Scripting Vulnerability

CVE-2025-4439 – GitLab Cross-Site Scripting (XSS)

I changed these 6 settings on my iPad to significantly improve its battery life

CVE-2025-32963 – MinIO Operator STS Unauthenticated Kubernetes API Server Impersonation Vulnerability

Related Posts