CVE-2025-58061
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-28

Last updated on: 2025-08-29

Assigner: GitHub, Inc.

Description
OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The rawfile-localpv storage class creates persistent volume data under /var/csi/rawfile/ on Kubernetes hosts by default. However, the directory and data in it are world-readable. It allows non-privileged users to access the whole persistent volume data, and those can include sensitive information such as a whole database if the Kubernetes tenants are running MySQL or PostgreSQL in a container so it could lead to a database breach. This issue has been patched in version 0.10.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-28
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-58061
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openebs rawfile-localpv *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Upgrade OpenEBS Local PV RawFile to version 0.10.0 or later, where the issue has been patched. Additionally, verify and restrict permissions on the /var/csi/rawfile/ directory to prevent world-readable access to persistent volume data.

Executive Summary

This vulnerability exists in OpenEBS Local PV RawFile versions prior to 0.10.0, where persistent volume data created under /var/csi/rawfile/ on Kubernetes hosts is world-readable. This means non-privileged users can access sensitive data stored in these volumes, such as databases running inside Kubernetes containers, potentially leading to unauthorized data exposure.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive persistent volume data by non-privileged users. If your Kubernetes workloads include databases like MySQL or PostgreSQL, this could result in a database breach, exposing confidential information to unauthorized parties.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58061. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart