CVE-2025-64171

Vulnerability Description

MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is fixed in version 0.13.4.

Related Weaknesses (CWE)

CWE-862

References

https://github.com/3scale-sre/marin3r/commit/859b14115fde1d67620e645cd1b62e90e30
https://github.com/3scale-sre/marin3r/security/advisories/GHSA-gf93-xccm-5g6j

FAQ

What is CVE-2025-64171?

CVE-2025-64171 is a documented vulnerability. MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificat...

How severe is CVE-2025-64171?

CVSS scoring is not yet available for CVE-2025-64171. Check NVD for updates.

Is there a patch for CVE-2025-64171?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.