CVE-2025-58061
BaseFortify
Publication date: 2025-08-28
Last updated on: 2025-08-29
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openebs | rawfile-localpv | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in OpenEBS Local PV RawFile versions prior to 0.10.0, where persistent volume data created under /var/csi/rawfile/ on Kubernetes hosts is world-readable. This means non-privileged users can access sensitive data stored in these volumes, such as databases running inside Kubernetes containers, potentially leading to unauthorized data exposure.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive persistent volume data by non-privileged users. If your Kubernetes workloads include databases like MySQL or PostgreSQL, this could result in a database breach, exposing confidential information to unauthorized parties.
What immediate steps should I take to mitigate this vulnerability?
Upgrade OpenEBS Local PV RawFile to version 0.10.0 or later, where the issue has been patched. Additionally, verify and restrict permissions on the /var/csi/rawfile/ directory to prevent world-readable access to persistent volume data.