CVE-2025-55205

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource selectors. This vulnerability enables privilege escalation and violates the fundamental security boundaries that Capsule is designed to enforce. This vulnerability is fixed in 0.10.4.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/projectcapsule/capsule/commit/e1f47feade6e1695b2204407607d07c3b3994f6e
https://github.com/projectcapsule/capsule/security/advisories/GHSA-fcpm-6mxq-m5vv

Configurations

No configuration.

History

18 Aug 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-18 17:15

Updated : 2025-08-18 20:16

NVD link : CVE-2025-55205

Mitre link : CVE-2025-55205

CVE.ORG link : CVE-2025-55205

JSON object : View

Products Affected

No product.

CWE

CWE-863

Incorrect Authorization

9.0 /10