Arch Linux: Insufficient validation (CVE-2021-25740)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:S/C:P/I:N/A:N) | Sep 20, 2021 | Jul 11, 2025 | Feb 12, 2026 |
Description
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. If a potential attacker can create or edit Endpoints or EndpointSlices in the Kubernetes API, they can potentially direct a LoadBalancer or Ingress implementation to expose backend IPs the attacker should not have access to. Importantly, if the target’s NetworkPolicy already trusts the Load Balancer or Ingress implementation, NetworkPolicy cannot be used to prevent exposure from other namespaces, potentially bypassing any security controls such as LoadBalancerSourceRanges.
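Added example (not part of the original advisory): a defender-side audit that lists which RBAC roles grant write access to Endpoints or EndpointSlices, the precondition the description names. The role names and sample data are constructed, and the input is assumed to have the shape of `kubectl get clusterroles,roles -A -o json` output.

```python
# Verbs that let a subject create or change the objects named in the advisory.
WRITE_VERBS = {"create", "update", "patch", "*"}
# Resource -> API group it lives in ("" is the core group).
TARGETS = {"endpoints": "", "endpointslices": "discovery.k8s.io"}

def rule_grants_write(rule):
    """Return the targeted resources this RBAC rule allows writing."""
    if not WRITE_VERBS & set(rule.get("verbs", [])):
        return set()
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    return {res for res, group in TARGETS.items()
            if groups & {"*", group} and resources & {"*", res}}

def audit_roles(role_list):
    """Map role name -> sorted resources it can write, for roles that can."""
    findings = {}
    for role in role_list.get("items", []):
        hit = set()
        for rule in role.get("rules") or []:  # aggregated roles may carry null rules
            hit |= rule_grants_write(rule)
        if hit:
            meta = role["metadata"]
            # Namespaced Roles are keyed as namespace/name.
            key = f"{meta['namespace']}/{meta['name']}" if meta.get("namespace") else meta["name"]
            findings[key] = sorted(hit)
    return findings

# Constructed sample (hypothetical role names), not taken from a real cluster.
SAMPLE = {"items": [
    {"kind": "ClusterRole", "metadata": {"name": "app-editor"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "endpoints"], "verbs": ["get", "patch"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "viewer"},
     "rules": [{"apiGroups": ["", "discovery.k8s.io"], "resources": ["endpoints", "endpointslices"], "verbs": ["get", "list", "watch"]}]},
    {"kind": "Role", "metadata": {"name": "slice-sync", "namespace": "team-a"},
     "rules": [{"apiGroups": ["discovery.k8s.io"], "resources": ["*"], "verbs": ["create", "update"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "wrong-group"},
     "rules": [{"apiGroups": ["apps"], "resources": ["endpoints"], "verbs": ["*"]}]},
]}

if __name__ == "__main__":
    for role, res in audit_roles(SAMPLE).items():
        print(role, "can write", ", ".join(res))
```

The audit matches on API group as well as resource name, so a rule naming `endpoints` under an unrelated group is not reported; it does not evaluate `resourceNames` restrictions or which subjects are bound to each role.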
Solution
arch-linux-upgrade-latest