CVE-2025-5187
1 分钟 阅读时间
该漏洞与 Node 权限边界相关。KLTS 回补后会阻止 Node 用户修改 ownerReferences。
漏洞影响
上游元数据给出的受影响范围:在受支持分支上 <= k8s1.31.11。
漏洞评分
该漏洞为中危漏洞,CVSS 评分为 6.7。
官方修复的版本
KLTS 修复的版本
- v1.30.14-lts.1 CVE-2025-5187.patch
- v1.29.15-lts.1 CVE-2025-5187.patch
- v1.28.15-lts.2 CVE-2025-5187.patch
- v1.27.16-lts.1 CVE-2025-5187.patch
- v1.26.15-lts.1 CVE-2025-5187.patch
- v1.25.16-lts.1 CVE-2025-5187.patch
- v1.24.17-lts.1 CVE-2025-5187.patch
- v1.23.17-lts.1 CVE-2025-5187.patch
- v1.22.17-lts.1 CVE-2025-5187.patch
- v1.21.14-lts.2 CVE-2025-5187.patch
- v1.20.15-lts.3 CVE-2025-5187.patch
- v1.19.16-lts.4 CVE-2025-5187.patch
- v1.18.20-lts.3 CVE-2025-5187.patch
- v1.17.17-lts.3 CVE-2025-5187.patch
- v1.16.15-lts.3 CVE-2025-5187.patch
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
最后修改
2026.04.15
: docs: sync recent kubernetes-lts releases and CVEs (5ee2b8f3)