CVE-2021-25740 LOW

CVE-2021-25740: Holes in EndpointSlice Validation Enable Host Network Hijack

Vendor Kubernetes
Product Kubernetes
Weakness CWE-441
Published September 20, 2021
Last update June 1, 2026

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.

Key dates

02 Disclosure timeline

September 20, 2021 CVE published
June 1, 2026 Record updated