{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T14:33:50.068","vulnerabilities":[{"cve":{"id":"CVE-2025-46599","sourceIdentifier":"cve@mitre.org","published":"2025-04-25T05:15:33.330","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing credentials."},{"lang":"es","value":"CNCF K3s 1.32 anterior a 1.32.4-rc1+k3s1 tiene un cambio de configuración de kubelet de Kubernetes con la consecuencia no deseada de que, en algunas situaciones, ReadOnlyPort se establece en 10255. Por ejemplo, el comportamiento predeterminado de una instalación en línea de K3s podría permitir el acceso no autenticado a este puerto, exponiendo las credenciales."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.0}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-1188"}]}],"references":[{"url":"https://cloud.google.com/kubernetes-engine/docs/how-to/disable-kubelet-readonly-port","source":"cve@mitre.org"},{"url":"https://github.com/f1veT/BUG/issues/2","source":"cve@mitre.org"},{"url":"https://github.com/k3s-io/k3s/commit/097b63e588e3c844cdf9b967bcd0a69f4fc0aa0a","source":"cve@mitre.org"},{"url":"https://github.com/k3s-io/k3s/compare/v1.32.3+k3s1...v1.32.4-rc1+k3s1","source":"cve@mitre.org"},{"url":"https://github.com/k3s-io/k3s/issues/12164","source":"cve@mitre.org"}]}}]}