CVE-2025-47282 · CRITICAL 9.9 · EPSS p43.7%

Description

Gardener External DNS Management is an environment to manage external DNS entries for a Kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed. This CVE affects all Gardener installations regardless of the public cloud provider(s) used for the seed clusters/shoot clusters. The affected component is `gardener/external-dns-management`. The `external-dns-management` component may also be deployed on the seeds by the `gardener/gardener-extension-shoot-dns-service` extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `<= v1.60.0` are affected by this vulnerability. Version 0.23.6 of Gardener External DNS Management fixes the issue.

Scoring

CVSS 3.0: 9.9 (CRITICAL)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.59% probability of exploitation · percentile 43.7% · 2026-06-19T12:03:05Z
Published: 2025-05-19
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-20

References

  1. https://github.com/gardener/external-dns-management/security/advisories/GHSA-xwgg-m7fx-83wx

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Improper Input Validation (cwe-20) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-47283
  2. CVE-2025-47284
  3. CVE-2025-59823
  4. CVE-2025-67508
  5. CVE-2025-1974
  6. CVE-2025-26492

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.