{"id":"CVE-2025-13281","details":"A half-blind Server-Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).","aliases":["GHSA-r6j8-c6r2-37rr","GO-2025-4240"],"modified":"2026-03-23T05:07:06.312063692Z","published":"2025-12-14T22:15:36.450Z","related":["CGA-qpfv-qmrf-52w5","SUSE-SU-2026:0037-1"],"references":[{"type":"WEB","url":"https://groups.google.com/g/kubernetes-security-announce/c/EORqZg0k1l4/m/TtD-q0v7AgAJ"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/12/01/4"},{"type":"REPORT","url":"https://github.com/kubernetes/kubernetes/issues/135525"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13281.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"}]}