A Persistent Security Hole in Kubernetes Finally Addressed
CVE-2025-1767 exposes root-level access on nodes via a deprecated volume plugin; Kubernetes 1.33 will disable it by default
The Kubernetes project has disclosed a medium-severity vulnerability (CVE-2025-1767) that affects all Kubernetes versions through the long-deprecated gitRepo volume driver. Despite being deprecated for over six years, the driver remained functional and exploitable, allowing users with pod creation permissions to achieve remote code execution on the underlying node.
The Vulnerability
At the center of the issue is the gitRepo volume plugin, a mechanism that allows pods to automatically clone and mount a Git repository via kubelet. While once a convenient feature, it has long been considered dangerous. In 2018, a Git-specific flaw (CVE-2018-11235) enabled attackers to embed malicious submodules, which were then executed as root via the gitRepo driver. Despite warnings and documentation updates, the plugin was never removed.
Fast forward to 2024: security researcher Imre Rad demonstrated a new, Kubernetes-specific attack using the same volume plugin. By crafting a repository that abuses the plugin’s optional directory parameter, an attacker can trick the kubelet into executing a malicious Git hook as root on the host node.
“The impact is code execution in the host’s security context... a sandbox escape.” — Imre Rad
The attack abuses how kubelet handles clone directories. If an attacker specifies a target directory like something/.git, the Git CLI treats this as a bare repo and executes post-checkout hooks placed there, all within the root context of the node.
Who is Affected?
Any cluster still using the gitRepo volume type is vulnerable. Specifically:
- Affected component: kubelet
- Affected versions: All
- Required privileges: create pod
- Scope: Intra-node; attacker must land on the same node as the target
The CVSS score is 6.5 (Medium), but the impact is significant due to root access on the host.
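To find out whether a cluster still uses the gitRepo volume type, the following added example (not code from the Kubernetes project or from the original article) inventories gitRepo volumes in saved `kubectl get ... -o json` output, covering bare pods as well as workload templates. The sample objects and function names are constructed for illustration; the `dotgit_directory` flag marks a `directory` value whose last path component is `.git`, the shape described above.

```python
import json

# Constructed sample, shaped like `kubectl get pods,deployments -A -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Pod", "metadata": {"namespace": "ci", "name": "builder"},
  "spec": {"volumes": [
   {"name": "src", "gitRepo": {"repository": "https://git.example.invalid/app.git",
                               "directory": "checkout/.git"}},
   {"name": "tmp", "emptyDir": {}}]}},
 {"kind": "Deployment", "metadata": {"namespace": "web", "name": "site"},
  "spec": {"template": {"spec": {"volumes": [
   {"name": "content", "gitRepo": {"repository": "https://git.example.invalid/site.git"}}]}}}},
 {"kind": "Pod", "metadata": {"namespace": "web", "name": "cache"},
  "spec": {"volumes": [{"name": "data", "emptyDir": {}}]}}]}
""")

def volume_lists(node):
    """Yield every `volumes` list at any depth (pod specs and workload templates)."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "volumes" and isinstance(value, list):
                yield value
            else:
                yield from volume_lists(value)
    elif isinstance(node, list):
        for item in node:
            yield from volume_lists(item)

def find_gitrepo_volumes(doc):
    """Return one finding per gitRepo volume in a kubectl JSON object or List."""
    findings = []
    for obj in doc.get("items", [doc]):
        meta = obj.get("metadata", {})
        for volumes in volume_lists(obj.get("spec", {})):
            for vol in volumes:
                git = vol.get("gitRepo") if isinstance(vol, dict) else None
                if not isinstance(git, dict):
                    continue
                directory = git.get("directory", "")
                findings.append({
                    "object": f'{obj.get("kind")}/{meta.get("namespace")}/{meta.get("name")}',
                    "volume": vol.get("name"),
                    "repository": git.get("repository"),
                    "directory": directory,
                    # The directory shape described in the article: last component is .git
                    "dotgit_directory": directory.rstrip("/").split("/")[-1] == ".git",
                })
    return findings
```

For a live cluster, pass `json.load(sys.stdin)` to `find_gitrepo_volumes` and pipe in the `kubectl` JSON output; any finding is a workload to migrate off gitRepo, and a finding with `dotgit_directory` set deserves immediate review.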