Critical Vulnerability Information

Vulnerability Description
Issue: The certificate validation logic in the Kubernetes C client accepts any correctly formatted certificate issued by any Certificate Authority (CA), without properly validating the trust chain.
Impact: Allows malicious actors to present forged certificates, potentially intercepting or manipulating communication with the Kubernetes API server, leading to man-in-the-middle attacks and impersonation of the API server.

CVSS Score
Score: Medium (6.8)
CVE ID: CVE-2025-9708
Exploitability Conditions: Systems using the Kubernetes C client to connect to the Kubernetes API server via TLS/HTTPS, with custom CA certificates specified in the kubeconfig file, and connecting over untrusted networks.

Affected Versions
Versions: All Kubernetes C client versions <= v17.0.14

Detection Method
Steps:
- Review usage of the Kubernetes C client and inspect its certificate validation logic.
- Examine kubeconfig files to determine whether custom CA certificates are in use.
- Review client logs for connections that presented unexpected or untrusted certificates.

Contact
Reporting: If evidence of exploitation is found, please contact secu...@kubernetes.io

Additional Details
Link: https://github.com/kubernetes/kubernetes/issues/134063