CVE-2025-13281 | Kubernetes kube-controller-manager up to 1.30.14/1.31.14/1.32.9/1.33.5/1.34.1 server-side request forgery

A vulnerability has been found in Kubernetes kube-controller-manager up to 1.30.14/1.31.14/1.32.9/1.33.5/1.34.1 and classified as critical. Affected is an unknown function of the component kube-controller-manager. The manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2025-13281. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.