In GitHub Enterprise Server versions prior to 3.19, a high severity vulnerability, CVE-2025-11578, was detected. It allows an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and hook environment, an attacker could replace system binaries during hook cleanup and execute a payload that adds their SSH key to the root user's authorized_keys file, granting full root access. To fix this vulnerability, upgrade GitHub Enterprise Server to version 3.14.19, 3.15.14, 3.16.10, 3.17.7, 3.18.1, or 3.19 or later; because the described payload persists an SSH key for root, administrators of previously unpatched appliances may also want to review root's authorized_keys for entries they do not recognise. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11578.
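The class of bug behind this advisory is a privileged cleanup routine that operates on paths inside an attacker-controlled directory and follows a symlink out of it. The following is an added, self-contained illustration, not GitHub's code and not a reconstruction of the actual exploit: a "reset the hook environment" routine written the vulnerable way (operations by path name, so a planted link redirects the write to a file outside the tree) beside a hardened version that removes links without following them and opens regular files with O_NOFOLLOW. The hook environment, the planted link and the stand-in "system binary" are all constructed inside a temporary directory.

```python
import os
import stat
import tempfile


def naive_reset(root):
    """Vulnerable cleanup: truncates every file under root by path name.

    open(path, "w") follows symlinks, so a link planted inside root lets a
    privileged cleanup truncate (or overwrite) a file anywhere on the system.
    """
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            with open(os.path.join(dirpath, name), "w"):
                pass


def safe_reset(root):
    """Hardened cleanup: never follows a symlink and never leaves root.

    Returns (reset, skipped): regular files truncated in place, and symlinks
    that were removed as links without touching their targets.
    """
    root_real = os.path.realpath(root)
    reset, skipped = [], []
    for dirpath, dirnames, filenames in os.walk(root):  # followlinks=False (default)
        # Symlinks to directories are listed in dirnames; drop them from the
        # walk and unlink the link itself so its target is never entered.
        for name in list(dirnames):
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                os.unlink(path)
                dirnames.remove(name)
                skipped.append(os.path.relpath(path, root))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)                      # inspect the link, not its target
            if stat.S_ISLNK(st.st_mode):
                os.unlink(path)                      # drop the link; target untouched
                skipped.append(os.path.relpath(path, root))
                continue
            if not stat.S_ISREG(st.st_mode):
                continue                             # sockets, fifos etc.: leave alone
            # Refuse anything whose resolved path leaves root (covers a symlinked
            # parent directory swapped in after the walk started).
            if os.path.commonpath([root_real, os.path.realpath(path)]) != root_real:
                raise RuntimeError(f"refusing {path}: resolves outside {root_real}")
            # O_NOFOLLOW makes the kernel fail if the final component is a link,
            # closing the race between the lstat above and this open.
            fd = os.open(path, os.O_WRONLY | os.O_TRUNC | os.O_NOFOLLOW)
            os.close(fd)
            reset.append(os.path.relpath(path, root))
    return sorted(reset), sorted(skipped)


def demo(cleanup):
    """Build a constructed hook environment containing a planted symlink, run
    `cleanup` over it, and return the contents of the file the link points at
    (which stands in for a system binary outside the hook environment)."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.join(tmp, "usr_bin_target")          # stand-in system binary
        with open(outside, "w") as f:
            f.write("#!/bin/sh\necho real binary\n")
        hook_env = os.path.join(tmp, "hook-env")
        os.makedirs(os.path.join(hook_env, "bin"))
        with open(os.path.join(hook_env, "bin", "hook.sh"), "w") as f:
            f.write("echo hook\n")
        # The attacker-controlled part: a link inside the tree pointing outside it.
        os.symlink(outside, os.path.join(hook_env, "bin", "planted"))
        cleanup(hook_env)
        with open(outside) as f:
            return f.read()


if __name__ == "__main__":
    print("naive cleanup left outside file as:", repr(demo(naive_reset)))
    print("safe  cleanup left outside file as:", repr(demo(safe_reset)))
```

Running the two cleanups shows the difference directly: after `naive_reset` the stand-in binary is empty, after `safe_reset` it is intact and only the link was removed. The same rules apply to any privileged process that touches user-writable trees: use lstat, O_NOFOLLOW, or directory-relative (`*at`) calls, and verify the resolved path before writing.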
In ZITADEL versions 4.0.0-rc.1 through 4.6.2, a high severity vulnerability, CVE-2025-64431, was detected. It allows authenticated users holding specific administrator roles in one organization to read or modify organization-level data (such as name, domains, and metadata) of other organizations via an insecure direct object reference (IDOR) in the V2Beta API, leading to cross-tenant data tampering. To address this issue, upgrade ZITADEL to version 4.6.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64431.
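The pattern behind a cross-tenant IDOR is an endpoint that verifies the caller holds a role but never ties the object identifier in the request to the caller's own tenant. The following is an added example, not ZITADEL's code or API: an in-memory two-organization store, a handler that makes exactly that mistake, and the corrected handler that checks the requested org against the caller's scope before any read or write. Role and field names are illustrative assumptions.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Authorization failure; the caller gets a generic 403, nothing more."""


@dataclass
class Caller:
    user_id: str
    org_id: str                       # the single organization this caller belongs to
    roles: set = field(default_factory=set)


@dataclass
class Org:
    org_id: str
    name: str
    domains: list


def org_store():
    """Constructed two-tenant store standing in for the organization database."""
    return {
        "org-a": Org("org-a", "Alpha Corp", ["alpha.example"]),
        "org-b": Org("org-b", "Beta Ltd", ["beta.example"]),
    }


def rename_org_idor(store, caller, org_id, new_name):
    """Vulnerable: checks the caller's role but trusts org_id from the request.

    A caller with ORG_OWNER in org-a can pass org_id="org-b" and rewrite the
    other tenant's data, because the object reference is never tied to the
    tenant in which the role was granted.
    """
    if "ORG_OWNER" not in caller.roles:
        raise Forbidden("missing ORG_OWNER")
    store[org_id].name = new_name
    return store[org_id]


def rename_org_fixed(store, caller, org_id, new_name):
    """Hardened: the role must be held for the organization being modified.

    The scope check runs before the lookup, so a mismatch is rejected without
    revealing whether org_id exists; the role check then applies within scope.
    """
    if org_id != caller.org_id:
        raise Forbidden("org_id is outside the caller's organization")
    if "ORG_OWNER" not in caller.roles:
        raise Forbidden("missing ORG_OWNER")
    store[org_id].name = new_name
    return store[org_id]


if __name__ == "__main__":
    alice = Caller("alice", "org-a", {"ORG_OWNER"})
    print(rename_org_idor(org_store(), alice, "org-b", "pwned"))     # cross-tenant write succeeds
    try:
        rename_org_fixed(org_store(), alice, "org-b", "pwned")
    except Forbidden as e:
        print("fixed handler rejected:", e)
```

In a real service the equivalent of `caller.org_id` comes from the authenticated session or token, never from the request body or path, and for users who legitimately belong to several organizations the check becomes "org_id is in the set of orgs where the caller holds this role".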
In the Kubernetes C# client, versions prior to 17.0.14, a medium severity vulnerability, CVE-2025-9708, was detected. In custom CA mode the client accepts certificates from any Certificate Authority (CA) without properly validating the trust chain, which may allow a malicious actor to present a forged certificate and perform man-in-the-middle attacks or impersonate the API server. To fix this vulnerability, upgrade to version 17.0.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9708.
In GitLab EE versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1, a high severity vulnerability, CVE-2025-11702, was detected. It allows an authenticated attacker with specific permissions to hijack project runners belonging to other projects. To fix this vulnerability, upgrade to GitLab version 18.5.1, 18.4.3, or 18.3.5. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-11702.
In Rancher Manager versions prior to 2.11.7 and 2.12.3, a medium severity vulnerability, CVE-2023-32199, was detected. It allows users to retain administrative access to clusters even after a custom GlobalRole or its binding has been removed, provided the role included wildcard (*) permissions for resources or non-resource URLs. To fix this issue, upgrade to Rancher Manager version 2.11.7 or 2.12.3 or later. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-32199.
In Rancher Manager versions 2.9.0 through 2.12.2, a medium severity vulnerability, CVE-2024-58269, was detected. It allows sensitive information, including secret data, cluster import URLs, and registration tokens, to be exposed to anyone with access to the Rancher audit logs. To fix this vulnerability, upgrade to version 2.12.3 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-58269.
In the Jenkins OpenShift Pipeline Plugin, versions up to and including 1.0.57, a medium severity vulnerability, CVE-2025-64143, was detected. The plugin stores tokens unencrypted in job config.xml files on the Jenkins controller, making them visible to users with Item/Extended Read permission or anyone with access to the controller's file system. To fix this issue, upgrade to version 1.0.58 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-64143.
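Before and after upgrading, a controller administrator will want to know which job configurations actually hold a plaintext token. The scanner below is an added example, not part of the plugin or of Jenkins: it parses job config.xml content and flags secret-looking elements whose value is not in Jenkins's encrypted form (a hudson.util.Secret serialises as base64 wrapped in braces, for example `{AQAAABAAAAAw...}`). The element name `authToken` and the `com.example.OpenShiftBuildStep` class are assumptions for the constructed sample, not the plugin's real field names; the XML fragments are constructed, not taken from a real instance.

```python
import re
import xml.etree.ElementTree as ET

# Jenkins writes hudson.util.Secret values as base64 inside braces; anything
# else in a secret-bearing element is stored in the clear.
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

# Element names that commonly carry credentials. Plugin-specific names beyond
# these generic words are assumptions of this example, not known field names.
SECRET_TAGS = re.compile(r"(token|password|secret|apikey|credential)", re.IGNORECASE)


def find_plaintext_secrets(config_xml):
    """Return [(element path, redacted value)] for every secret-like element
    whose text is not in Jenkins's encrypted form. Values are truncated to
    their first four characters so the report itself does not re-leak them."""
    root = ET.fromstring(config_xml)
    findings = []

    def walk(elem, path):
        for child in elem:
            child_path = f"{path}/{child.tag}"
            text = (child.text or "").strip()
            if text and SECRET_TAGS.search(child.tag) and not ENCRYPTED_SECRET.match(text):
                findings.append((child_path, text[:4] + "..."))
            walk(child, child_path)

    walk(root, root.tag)
    return findings


# Constructed job config.xml fragments (not from a real Jenkins controller).
LEAKY_CONFIG = """<project>
  <builders>
    <com.example.OpenShiftBuildStep>
      <apiURL>https://openshift.example:8443</apiURL>
      <authToken>sha256~AbCdEf0123456789</authToken>
    </com.example.OpenShiftBuildStep>
  </builders>
</project>
"""

SAFE_CONFIG = """<project>
  <builders>
    <com.example.OpenShiftBuildStep>
      <apiURL>https://openshift.example:8443</apiURL>
      <authToken>{AQAAABAAAAAwZm9vYmFyYmF6cXV4MTIzNDU2Nzg5MGFiY2RlZmdoaWprbG1ub3A=}</authToken>
    </com.example.OpenShiftBuildStep>
  </builders>
</project>
"""

if __name__ == "__main__":
    for label, cfg in (("leaky", LEAKY_CONFIG), ("safe", SAFE_CONFIG)):
        print(label, find_plaintext_secrets(cfg))
```

To run this across a controller, feed it every `$JENKINS_HOME/jobs/*/config.xml`; a hit on a job that uses the affected plugin means the token has been readable to Item/Extended Read users and should be rotated after the upgrade, since fixing the storage format does not revoke a token that was already exposed.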
In GitLab Enterprise Edition versions from 18.4.0 up to and including 18.4.2, and version 18.5.0, a low severity vulnerability, CVE-2025-6601, was detected. It allows authenticated users to gain unauthorized access to projects by exploiting flaws in the access request approval workflow. To address this issue, update GitLab to version 18.3.5, 18.4.3, or 18.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6601.
In GitLab Enterprise Edition versions from 17.6.0 up to and including 18.3.4, from 18.4.0 up to and including 18.4.2, and version 18.5.0, a low severity vulnerability, CVE-2025-11989, was detected. It allows an authenticated attacker to execute unauthorized quick actions by embedding malicious commands in specific description fields. To address this issue, update GitLab to version 18.3.5, 18.4.3, or 18.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11989.