Posts

Showing posts with the label #CyberDudeBivash #Kubernetes #CVE2025-9708 #KubernetesClient #DotNet #CloudNative #DevSecOps #MITM #TLS #PKI #Infosec

The Kubernetes C# Client Library Vulnerability: A Threat Analysis Report — By CyberDudeBivash
Executive summary

A newly disclosed flaw in the official Kubernetes C# client (KubernetesClient NuGet), CVE-2025-9708, weakens TLS trust when you use a custom CA via kubeconfig. Under certain conditions, the client accepts certificates from any CA without fully verifying the chain, enabling man-in-the-middle (MITM) and API impersonation against Kubernetes API traffic. Severity is CVSS 6.8 (Medium). Fixed in v17.0.14; all versions ≤ 17.0.13 are affected. Patch immediately if you use the C# client with a custom CA over untrusted networks. (Sources: NVD, Discuss Kubernetes)

What's actually vulnerable?

Library: Kubernetes C# client (KubernetesClient NuGet).

Trigger condition: Using custom CA certificates specified in kubeconfig (the clusters[].certificate-authority field), especially over untrusted networks (internet, shared corporate WAN, remote development). The bug can accept forged certificates and establish a "secure" session with a spoofed API server. (Source: Discuss Kubernetes) ...