CVE-2025-14443: openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential Denial of Service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processing user-supplied image references.
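The advisory attributes the flaw to missing IP address and network-range validation on the registry host taken from a user-supplied image reference. As an added example (not openshift-apiserver's code, and not the fix carried by the referenced pull requests), the Go program below shows the shape of such a check on the defender's side: extract the registry host from the reference, resolve it through an injectable resolver, and reject the reference if any resolved address falls in a loopback, private, link-local or multicast range. The `Resolver` type, the `fakeResolve` records, the function names, the sample references and the `docker.io` default are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// Resolver is a hypothetical hook so the check can run offline in tests;
// a real deployment would pass net.LookupIP here.
type Resolver func(host string) ([]net.IP, error)

// registryHost extracts the registry host from an image reference.
// Following the Docker reference convention, the first path component is
// treated as a registry only if it contains a '.' or ':' or is "localhost";
// otherwise the reference is assumed to name the default registry.
func registryHost(ref string) string {
	ref = strings.TrimPrefix(ref, "docker://")
	first := ref
	if i := strings.Index(ref, "/"); i >= 0 {
		first = ref[:i]
	}
	// Bracketed IPv6 literal such as [::1]:5000.
	if strings.HasPrefix(first, "[") {
		if end := strings.Index(first, "]"); end > 0 {
			return first[1:end]
		}
		return first
	}
	if first == "localhost" || strings.ContainsAny(first, ".:") {
		if h, _, err := net.SplitHostPort(first); err == nil {
			return h // strip the port if one is present
		}
		return first
	}
	return "docker.io" // assumed default registry when none is given
}

// isInternal reports whether an address belongs to a range that a
// server-side fetch should never be allowed to reach.
func isInternal(ip net.IP) bool {
	return ip.IsUnspecified() || ip.IsLoopback() || ip.IsPrivate() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsMulticast()
}

var errInternalRegistry = errors.New("registry resolves to an internal address")

// CheckImageReference resolves the registry host of ref and rejects it if
// any resolved address is internal. Every address is checked, not just the
// first, so a DNS answer that mixes public and private records is rejected.
func CheckImageReference(ref string, resolve Resolver) error {
	host := registryHost(ref)
	if host == "" {
		return errors.New("empty registry host")
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // literal address: no DNS lookup needed
	} else {
		var err error
		ips, err = resolve(host)
		if err != nil {
			return fmt.Errorf("resolving %q: %w", host, err)
		}
		if len(ips) == 0 {
			return fmt.Errorf("no addresses for %q", host)
		}
	}
	for _, ip := range ips {
		if isInternal(ip) {
			return fmt.Errorf("%w: %s -> %s", errInternalRegistry, host, ip)
		}
	}
	return nil
}

// fakeResolve is a constructed, offline stand-in for DNS used by main.
func fakeResolve(host string) ([]net.IP, error) {
	switch host {
	case "registry.example.com":
		return []net.IP{net.ParseIP("203.0.113.10")}, nil
	case "rebinding.example.com":
		// One public and one private answer: must still be rejected.
		return []net.IP{net.ParseIP("203.0.113.11"), net.ParseIP("10.0.0.5")}, nil
	case "docker.io":
		return []net.IP{net.ParseIP("203.0.113.12")}, nil
	}
	return nil, fmt.Errorf("constructed resolver has no record for %s", host)
}

func main() {
	for _, ref := range []string{
		"registry.example.com:5000/team/app:1.0",
		"library/nginx:latest",
		"rebinding.example.com/team/app",
		"127.0.0.1:5000/team/app",
		"[::1]:5000/team/app",
		"169.254.1.1:5000/team/app",
	} {
		fmt.Printf("%-42s %v\n", ref, CheckImageReference(ref, fakeResolve))
	}
}
```

The check deliberately runs on the resolved addresses rather than on the hostname string alone, since a hostname that looks external can still resolve into an internal range; in production the resolved addresses should also be the ones actually connected to, so that a second lookup cannot return a different answer.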
References
- access.redhat.com/security/cve/CVE-2025-14443
- bugzilla.redhat.com/show_bug.cgi?id=2420964
- github.com/advisories/GHSA-gxvv-45f6-3ch8
- github.com/openshift/openshift-apiserver
- github.com/openshift/openshift-apiserver/pull/591
- github.com/openshift/openshift-apiserver/pull/599
- nvd.nist.gov/vuln/detail/CVE-2025-14443