CVE-2021-25740— Holes in EndpointSlice Validation Enable Host Network Hijack
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-25740
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Holes in EndpointSlice Validation Enable Host Network Hijack
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
未有动机的代理或中间人(混淆代理)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat OpenShift Container Platform 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat OpenShift Container Platform是美国红帽(Red Hat)公司的一套可帮助企业在物理、虚拟和公共云基础架构之间开发、部署和管理现有基于容器的应用程序的应用平台。 Red Hat OpenShift Container Platform 存在安全漏洞
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Kubernetes | Kubernetes | unspecified ~ 1.20.11 | - |
II. Public POCs for CVE-2021-25740
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-25740
请登录查看更多情报信息。
- https://security.netapp.com/advisory/ntap-20211014-0001/x_refsource_CONFIRM
- https://github.com/kubernetes/kubernetes/issues/103675x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-25740
Same Patch Batch · Kubernetes · 2021-09-20 · 3 CVEs total
| CVE-2021-25741 | 8.8 HIGH | Symlink Exchange Can Allow Host Filesystem Access |
| CVE-2020-8561 | 4.1 MEDIUM | Webhook redirect in kube-apiserver |
IV. Related Vulnerabilities
Same product: Kubernetes
- CVE-2025-13281
Portworx Half-Blind SSRF in kube-controller-manager - CVE-2025-5187
Nodes can delete themselves by adding an OwnerReference - CVE-2025-4563
Nodes can bypass dynamic resource allocation authorization c - CVE-2024-5321
Incorrect permissions on Windows containers logs - CVE-2024-3177
Bypassing mountable secrets policy imposed by the ServiceAcc
Same vendor: Kubernetes
- CVE-2026-3864
CSI Driver for NFS path traversal via subDir may delete unin - CVE-2026-4342
ingress-nginx comment-based nginx configuration injection - CVE-2026-3288
ingress-nginx rewrite-target nginx configuration injection - CVE-2025-15566
ingress-nginx auth-proxy-set-headers nginx configuration inj - CVE-2026-24514
ingress-nginx Admission Controller denial of service
Same weakness: CWE-441
- CVE-2026-45182
GrapheneOS 20260504前IP泄露漏洞 - CVE-2026-41365
OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Graph API - CVE-2026-6993
go-kratos http.DefaultServeMux Fallback server.go NewServer - CVE-2026-39906
Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via .N - CVE-2025-62718
Axios has a NO_PROXY Hostname Normalization Bypass that Lead
V. Comments for CVE-2021-25740
No comments yet