Vulnerability Key Information

Vulnerability Type: Authentication Bypass
Affected Versions: 1.5.0
Fixed Version: None
Severity: Moderate
- CVSS v3 Score: 4.7/10
- Attack Vector: Local
- Attack Complexity: High
- Required Privileges: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: High
- Availability: None
CVE ID: CVE-2025-64432
Weakness Type: CWE-287
Discoverers: mihailkirov, Faerais95

Vulnerability Description

The authentication flow in the Kubernetes aggregation layer contains an implementation flaw that may allow bypassing RBAC controls. Specifically, the component fails to properly validate clients when receiving mTLS API requests: it does not verify whether the Common Name (CN) field in the client TLS certificate matches the allowed values specified in the ConfigMap.

Impact

An attacker can communicate directly with the aggregation API server and impersonate the Kubernetes API server and its aggregator components, thereby bypassing existing RBAC controls. To successfully exploit this vulnerability, the attacker must possess a valid front-proxy certificate signed by a trusted CA and have network access to the service.

Proof of Concept (PoC)

By using a certificate with a different CN field, an attacker can bypass the aggregation layer's authentication and execute arbitrary API subresource requests. The detailed steps include forging a certificate, making API calls, and providing the correct authentication HTTP headers.

Affected Components

- Component: Kubernetes aggregation layer
- Resources related to virtual machine instances
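One way to enforce the check the description says is missing, as an added example (not code from the affected project or the advisory): once the TLS stack has verified the client chain, compare the leaf certificate's CN with the allowed names before trusting any identity header. The header name `X-Remote-User`, the CN values, and the helper names are assumptions of this example.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"net/http"
)

// Assumed header name: the Kubernetes request-header default for the username.
const userHeader = "X-Remote-User"

var (
	errNoCert = errors.New("no verified client certificate")
	errCN     = errors.New("client certificate CN is not an allowed name")
	errNoUser = errors.New("missing user header")
)

// authenticateProxy trusts the identity header only when the TLS stack has
// verified the client chain AND the leaf CN is on the allow-list.
// Design choice of this example: an empty allow-list rejects every client.
func authenticateProxy(chains [][]*x509.Certificate, hdr http.Header, allowed []string) (string, error) {
	if len(chains) == 0 || len(chains[0]) == 0 {
		return "", errNoCert
	}
	cn := chains[0][0].Subject.CommonName
	for _, name := range allowed {
		if name == cn {
			if user := hdr.Get(userHeader); user != "" {
				return user, nil
			}
			return "", errNoUser
		}
	}
	return "", fmt.Errorf("%w: %q", errCN, cn)
}

// chainWithCN builds a constructed stand-in for r.TLS.VerifiedChains.
func chainWithCN(cn string) [][]*x509.Certificate {
	leaf := &x509.Certificate{Subject: pkix.Name{CommonName: cn}}
	return [][]*x509.Certificate{{leaf}}
}

func main() {
	allowed := []string{"front-proxy-client"} // constructed allow-list entry
	hdr := http.Header{}
	hdr.Set(userHeader, "alice") // constructed header value
	for _, cn := range []string{"front-proxy-client", "some-other-client"} {
		user, err := authenticateProxy(chainWithCN(cn), hdr, allowed)
		fmt.Printf("CN=%q user=%q err=%v\n", cn, user, err)
	}
}
```

In a real server the chains argument would come from `r.TLS.VerifiedChains`, which is only populated when the listener's `tls.Config` verifies client certificates against the front-proxy CA.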