CVE-2025-24376
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2025-24376 is a vulnerability affecting the kubewarden-controller in Kubernetes. This controller is used to dynamically register Kubewarden admission policies, which evaluate only namespaced resources. However, some sensitive resources, such as PolicyReport, should not be subject to these policies. An attacker can exploit this vulnerability by using AdmissionPolicy or AdmissionPolicyGroup to prevent the creation and update of PolicyReport objects, thereby hiding non-compliant resources. Additionally, a mutating AdmissionPolicy can be used to alter the contents of PolicyReport. Starting from version 1.21.0, validation rules have been tightened to prevent sensitive types of namespaced resources from being validated by AdmissionPolicy and AdmissionPolicyGroup.
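A defender's audit for the condition described above, as an added example that is not part of the original advisory or the Kubewarden project: it scans the JSON from `kubectl get admissionpolicies,admissionpolicygroups -A -o json` for namespaced policies whose rules cover PolicyReport. The API group `wgpolicyk8s.io`, the plural `policyreports`, the `spec.rules` / `spec.mutating` layout, and all sample objects are assumptions made for the example.

```python
import json

# Assumption: PolicyReport objects are served as "policyreports" in "wgpolicyk8s.io".
SENSITIVE = {("wgpolicyk8s.io", "policyreports")}
NAMESPACED_KINDS = {"AdmissionPolicy", "AdmissionPolicyGroup"}

def _matches(values, wanted):
    # Admission rule semantics: "*" matches everything; "res/sub" names a subresource.
    return any(v in ("*", "*/*") or v.split("/")[0] == wanted for v in values)

def find_risky_policies(kubectl_json):
    """Return one finding per rule in a namespaced policy that covers a sensitive resource."""
    findings = []
    for item in json.loads(kubectl_json).get("items", []):
        if item.get("kind") not in NAMESPACED_KINDS:
            continue
        spec = item.get("spec", {})
        for rule in spec.get("rules", []):
            for group, resource in SENSITIVE:
                if _matches(rule.get("apiGroups", []), group) and \
                   _matches(rule.get("resources", []), resource):
                    findings.append({
                        "kind": item["kind"],
                        "namespace": item["metadata"].get("namespace"),
                        "name": item["metadata"]["name"],
                        # A mutating policy can alter reports, not just block them.
                        "mutating": bool(spec.get("mutating", False)),
                        "operations": rule.get("operations", []),
                    })
    return findings

def _policy(kind, ns, name, groups, resources, mutating=False):
    # Helper that builds a constructed sample object (not real cluster data).
    return {"kind": kind, "metadata": {"namespace": ns, "name": name},
            "spec": {"mutating": mutating, "rules": [{
                "apiGroups": groups, "apiVersions": ["*"],
                "resources": resources, "operations": ["CREATE", "UPDATE"]}]}}

# Constructed sample input: one benign policy and two that reach PolicyReport.
SAMPLE = json.dumps({"items": [
    _policy("AdmissionPolicy", "team-a", "pod-privileged", [""], ["pods"]),
    _policy("AdmissionPolicy", "team-a", "rewrite-reports",
            ["wgpolicyk8s.io"], ["policyreports"], mutating=True),
    _policy("AdmissionPolicyGroup", "team-b", "catch-all-group", ["*"], ["*"]),
]})

if __name__ == "__main__":
    for finding in find_risky_policies(SAMPLE):
        print(finding)
```

Any finding on a cluster running a version earlier than 1.21.0 deserves review; findings with `mutating` set are the ones that could change report contents rather than only block them.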