
CVSS: 7.5 • EPSS: 30% • CPEs: 2 • EXPL: 0

30 Jun 2025 — The Go standard library function os.RemoveAll prior to Go 1.21.11 and 1.22.4 performs recursive directory deletion in a manner susceptible to a time-of-check/time-of-use (TOCTOU) race. An attacker able to swap the target directory with a symbolic link during deletion may redirect the traversal to unintended filesystem locations, allowing deletion of arbitrary files or directories. This behavior impacts any Go program that performs recursive deletes on user-controlled paths without additional safeguards. Al... • https://github.com/kubernetes/kubernetes/issues/132267 • CWE-363: Race Condition Enabling Link Following

CVSS: 7.5 • EPSS: 30% • CPEs: 1 • EXPL: 0

30 Jun 2025 — Kubernetes releases compiled with vulnerable Go versions (prior to Go 1.21.11 / 1.22.4) are affected by a race condition in the os.RemoveAll function used during volume cleanup. A malicious container can exploit this by timing a symbolic link replacement to redirect the deletion operation outside the intended volume path. This can result in deletion of arbitrary files or directories on the host system, including data from other pods or host volumes, leading to data loss and potential privilege escalation. ... • https://github.com/kubernetes/kubernetes/issues/132267 • CWE-363: Race Condition Enabling Link Following

CVSS: 4.1 • EPSS: 30% • CPEs: 2 • EXPL: 0

13 Jun 2025 — In IBM Instana versions prior to UI Tag 1.267.675 (commit 7686ae51fb07) and Backend Tag 3.267.347-0 (commit 3c615d69755d), the /auth/SignIn endpoint accepts a returnUrl query parameter without adequate validation, creating an open-redirect condition. An attacker can craft a link such as https://instana.com/auth/signIn?returnUrl=https%3A%2F%2Fevil.example%2Fchangepassword%3Fuser%3Dadmin, and if a user who is already authenticated to Instana follows that link, the application immediately redirects the browser... • https://hackerone.com/reports/3149092 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 6.5 • EPSS: 50% • CPEs: 1 • EXPL: 0

05 Jun 2025 — When you run a container on the default Docker “bridge” network, Docker sets up NAT (Network Address Translation) rules using your system’s firewall (via iptables). For example, the following command forwards traffic from port 8080 on your host to port 80 in the container.

    docker run -d -p 8080:80 my-web-app

However, if your host’s filter-FORWARD chain is permissive (i.e., ACCEPT by default) and net.ipv4.ip_forward is enabled, unpublished ports could also be remotely accessible under certain conditions. ... • https://www.docker.com/blog/docker-engine-28-hardening-container-networking-by-default/ • CWE-653: Improper Isolation or Compartmentalization