How severe is CVE-2025-47283?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2025-47283?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2025-47283 - CRITICAL Severity | CVSS 9.9

Vulnerability Description

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. `gardener/gardener` (`gardenlet`) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.

Related Vulnerabilities

CVE-2018-20162

CRITICAL

CVSS:9.9(Critical)

Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary command...

CWE-202018

CVE-2021-3781

CRITICAL

CVSS:9.9(Critical)

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document ...

CWE-202021

CVE-2021-43779

CRITICAL

CVSS:9.9(Critical)

GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability...

CWE-202021

CVE-2022-0415

CRITICAL

CVSS:9.9(Critical)

Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.

CWE-202022

CVE-2022-26780

CRITICAL

CVSS:9.9(Critical)

Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code executio...

CWE-202022

CVE-2022-26781

CRITICAL

CVSS:9.9(Critical)

CWE-202022