Hello Kubernetes Community,
A vulnerability exists in the NodeRestriction admission controller where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection. By default, node users are authorized for create and patch requests but not delete requests against their node object. Since the NodeRestriction admission controller does not prevent patching OwnerReferences, a compromised node could leverage this vulnerability to delete and then recreate its node object with modified taints or labels.
This issue has been rated Medium (6.7) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L, and assigned CVE-2025-5187.
Am I vulnerable?
All clusters that have enabled the NodeRestriction but not the OwnerReferencesPermissionEnforcement admission controller are vulnerable. The OwnerReferencesPermissionEnforcement controller protects access to the OwnerReferences of an object so that only users with delete permission to the object can change it.
Affected Versions
kube-apiserver: <= v1.31.11
kube-apiserver: <= v1.32.7
kube-apiserver: <= v1.33.3
How do I mitigate this vulnerability?
This issue can be mitigated by upgrading to a kube-apiserver binary running one of the patched versions for 1.31 through 1.33 listed below. These fixed versions add functionality to the NodeRestriction admission controller to prevent node users from modifying their own OwnerReferences.
Alternatively, this vulnerability can be mitigated by enabling the OwnerReferencesPermissionEnforcement admission controller, which will prevent any user without delete permissions on an object from modifying the OwnerReferences on that object. Note that this admission controller will apply to all users and object types.
Fixed Versions
kube-apiserver: >= v1.31.12
kube-apiserver: >= v1.32.8
kube-apiserver: >= v1.33.4
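The following script is an added example (not part of this advisory or of the Kubernetes project) that turns the "Am I vulnerable?" and mitigation conditions above into a single check: it reads the kube-apiserver command line to determine which admission plugins are effectively enabled (honouring both --enable-admission-plugins and --disable-admission-plugins, in either "--flag=value" or "--flag value" form) and compares the server version against the fixed patch levels listed above. The version/argument inputs are constructed here; on a kubeadm cluster you would feed it the container command from the kube-apiserver static pod (for example via kubectl -n kube-system get pod -l component=kube-apiserver -o jsonpath='{.items[*].spec.containers[0].command}') and the server version from kubectl version. Minor lines not listed in this advisory are reported as not covered rather than guessed.

```python
# Fixed patch level per minor line, taken from the advisory's "Fixed Versions" list.
FIXED_PATCH_BY_MINOR = {31: 12, 32: 8, 33: 4}


def parse_version(version):
    """'v1.32.7' or '1.33.4-vendor.1' -> (1, 32, 7); pre-release/build suffixes are dropped."""
    core = version.lstrip("v").split("-", 1)[0].split("+", 1)[0]
    major, minor, patch = (int(part) for part in core.split(".")[:3])
    return major, minor, patch


def admission_plugins(args, flag):
    """Collect plugin names given via '--<flag>=A,B' or '--<flag> A,B' in kube-apiserver args."""
    names = set()
    prefix = "--" + flag
    for i, arg in enumerate(args):
        value = None
        if arg.startswith(prefix + "="):
            value = arg[len(prefix) + 1:]
        elif arg == prefix and i + 1 < len(args):
            value = args[i + 1]
        if value:
            names.update(p.strip() for p in value.split(",") if p.strip())
    return names


def effective_plugins(args):
    """Plugins explicitly enabled minus those explicitly disabled."""
    return (admission_plugins(args, "enable-admission-plugins")
            - admission_plugins(args, "disable-admission-plugins"))


def assess(apiserver_version, apiserver_args):
    """Classify a control plane against CVE-2025-5187's conditions.

    Returns one of:
      NODERESTRICTION_DISABLED     - advisory precondition absent (node users are not restricted at all)
      FIXED_VERSION                - running a version at or above the fixed patch level
      MITIGATED_BY_ADMISSION       - OwnerReferencesPermissionEnforcement is enabled
      VULNERABLE                   - NodeRestriction on, no ORPE, version below the fix
      VERSION_LINE_NOT_IN_ADVISORY - minor line not listed above; check separately
    """
    plugins = effective_plugins(apiserver_args)
    if "NodeRestriction" not in plugins:
        return "NODERESTRICTION_DISABLED"
    major, minor, patch = parse_version(apiserver_version)
    line_known = major == 1 and minor in FIXED_PATCH_BY_MINOR
    if line_known and patch >= FIXED_PATCH_BY_MINOR[minor]:
        return "FIXED_VERSION"
    if "OwnerReferencesPermissionEnforcement" in plugins:
        return "MITIGATED_BY_ADMISSION"
    return "VULNERABLE" if line_known else "VERSION_LINE_NOT_IN_ADVISORY"


if __name__ == "__main__":
    # Constructed inputs for illustration, not values read from a real cluster.
    sample_args = ["kube-apiserver", "--enable-admission-plugins=NodeRestriction"]
    print(assess("v1.32.7", sample_args))
```

Remember that the default admission plugin set does not include NodeRestriction or OwnerReferencesPermissionEnforcement, so a control plane whose command line names neither is reported as NODERESTRICTION_DISABLED; that is a separate (and larger) hardening gap rather than an instance of this CVE.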
Detection
This issue can be detected on clusters which have NodeRestriction but not OwnerReferencesPermissionEnforcement enabled by analyzing API audit logs for node patch requests issued by node users which modify OwnerReferences. In normal operation, a Kubelet will never issue a patch request which modifies its own OwnerReferences.
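As an added example (not code from this advisory or from the Kubernetes project), the script below implements the detection described above over Kubernetes audit log lines (audit.k8s.io/v1 Event objects, one JSON object per line). It flags patch requests against the nodes resource issued by a node user (username system:node:<name> or group system:nodes) whose recorded request body touches metadata.ownerReferences, handling both merge/strategic-merge patch bodies (a JSON object) and JSON patch bodies (a list of RFC 6902 operations). The audit events embedded in the script are constructed for illustration. Note that requestObject is only recorded when the audit policy level for node requests is Request or RequestResponse; events logged at Metadata level carry no body and are reported separately so the gap in policy is visible.

```python
import json

# Constructed audit events (JSON lines), not output from a real cluster.
SAMPLE_AUDIT_LINES = [
    # Ordinary kubelet heartbeat on nodes/status: no ownerReferences, benign.
    json.dumps({
        "kind": "Event", "level": "RequestResponse", "verb": "patch",
        "user": {"username": "system:node:worker-1", "groups": ["system:nodes", "system:authenticated"]},
        "objectRef": {"resource": "nodes", "name": "worker-1", "subresource": "status"},
        "requestObject": {"status": {"conditions": [{"type": "Ready", "status": "True"}]}},
    }),
    # Merge patch from a node user that sets metadata.ownerReferences: suspicious.
    json.dumps({
        "kind": "Event", "level": "RequestResponse", "verb": "patch",
        "user": {"username": "system:node:worker-1", "groups": ["system:nodes", "system:authenticated"]},
        "objectRef": {"resource": "nodes", "name": "worker-1"},
        "requestObject": {"metadata": {"ownerReferences": [
            {"apiVersion": "v1", "kind": "Namespace", "name": "no-such-ns",
             "uid": "00000000-0000-0000-0000-000000000000"}]}},
    }),
    # JSON patch (RFC 6902) from a node user adding ownerReferences: suspicious.
    json.dumps({
        "kind": "Event", "level": "RequestResponse", "verb": "patch",
        "user": {"username": "system:node:worker-2", "groups": ["system:nodes", "system:authenticated"]},
        "objectRef": {"resource": "nodes", "name": "worker-2"},
        "requestObject": [{"op": "add", "path": "/metadata/ownerReferences", "value": []}],
    }),
    # Same kind of patch issued by a cluster admin, not a node user: outside this signature.
    json.dumps({
        "kind": "Event", "level": "RequestResponse", "verb": "patch",
        "user": {"username": "admin", "groups": ["system:masters", "system:authenticated"]},
        "objectRef": {"resource": "nodes", "name": "worker-2"},
        "requestObject": {"metadata": {"ownerReferences": []}},
    }),
    # Node user patch recorded at Metadata level: body absent, cannot be judged.
    json.dumps({
        "kind": "Event", "level": "Metadata", "verb": "patch",
        "user": {"username": "system:node:worker-3", "groups": ["system:nodes", "system:authenticated"]},
        "objectRef": {"resource": "nodes", "name": "worker-3"},
    }),
]


def is_node_user(user):
    """Kubelets authenticate as system:node:<name> and belong to group system:nodes."""
    return (user.get("username", "").startswith("system:node:")
            or "system:nodes" in user.get("groups", []))


def patch_touches_owner_references(body):
    """True if a patch body modifies metadata.ownerReferences.

    A JSON patch is a list of operations with RFC 6901 paths; merge and
    strategic-merge patches are partial objects (a null value also counts,
    since it removes the field).
    """
    if isinstance(body, list):
        return any(isinstance(op, dict)
                   and op.get("path", "").startswith("/metadata/ownerReferences")
                   for op in body)
    if isinstance(body, dict):
        metadata = body.get("metadata")
        return isinstance(metadata, dict) and "ownerReferences" in metadata
    return False


def find_owner_reference_patches(lines):
    """Return (hits, unverifiable).

    hits: node-user patch requests on nodes whose body touches ownerReferences.
    unverifiable: node-user patch requests on nodes with no recorded body
    (audit level below Request), which the policy should be raised to capture.
    """
    hits, unverifiable = [], []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("verb") != "patch":
            continue
        ref = event.get("objectRef", {})
        if ref.get("resource") != "nodes":
            continue
        user = event.get("user", {})
        if not is_node_user(user):
            continue
        record = {"user": user.get("username"), "node": ref.get("name"),
                  "subresource": ref.get("subresource", "")}
        if "requestObject" not in event:
            unverifiable.append(record)
        elif patch_touches_owner_references(event["requestObject"]):
            hits.append(record)
    return hits, unverifiable


if __name__ == "__main__":
    found, unchecked = find_owner_reference_patches(SAMPLE_AUDIT_LINES)
    for hit in found:
        print("SUSPICIOUS: node user patched ownerReferences:", hit)
    for item in unchecked:
        print("no request body recorded (raise audit level to Request for nodes):", item)
```

To run this against a real cluster, pass the lines of the apiserver's audit log file (or the batch from an audit webhook sink) to find_owner_reference_patches; any entry in the hits list is, per the advisory, something a healthy Kubelet never does and warrants investigation of that node.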
If you find evidence that this vulnerability has been exploited, please contact secu...@kubernetes.io
See the GitHub issue for more details: https://github.com/kubernetes/kubernetes/issues/133471
Acknowledgements
This vulnerability was reported by Paul Viossat.
The issue was fixed and coordinated by:
Nathan Herz on behalf of the Kubernetes Security Response Committee