High Published: Dec 12, 2025

CVE-2025-67508

8 CVSS Score High

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Export:

Link copied!

Description

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft malicious credential values. The forged credential values are used in infrastructure Secret objects that break out of the intended string context when evaluated in Fish or PowerShell environments used by the Gardener service operators. This issue is fixed in version 2.12.0.

CVSS Vector Details

Attack Vector Network

Attack Complexity High

Privileges Required Low

User Interaction Required

Scope Changed

Confidentiality High

Integrity High

Availability High

Weaknesses (CWE)

CWE-77

References & External Links

https://github.com/gardener/gardenctl-v2/security/advisories/GHSA-fw33-qpx7-rhx2

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker