CVE-2021-25737
Published: 06 September 2021
Summary
CVE-2021-25737 is a low-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in Kubernetes. Its CVSS base score is 2.7 (Low).
Operationally, this CVE ranks in the top 40.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-2095
Vulnerability details
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Security awareness includes verifying URLs and avoiding untrusted redirects that lead to malicious sites.
Validates redirect targets and URLs to ensure they conform to allowed destinations.
Spam filters rely on evolving blacklists, signatures, and heuristics of disallowed message patterns; keeping them updated per the control directly mitigates incomplete disallowed-input lists.