6.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-9708

GHSA ID

GHSA-w7r3-mgwf-4mqq

EPSS Score

0.0052%

CWE

CWE-295

Published

9/17/2025

Updated

9/17/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-9708

CVE-2025-9708: Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain

A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.

(GitHub Advisory)

6.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-9708

GHSA ID

GHSA-w7r3-mgwf-4mqq

EPSS Score

0.0052%

CWE

CWE-295

Published

9/17/2025

Updated

9/17/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
KubernetesClient	nuget	< 17.0.14	17.0.14

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

* vuln*r**ility *xists in t** Ku**rn*t*s *# *li*nt w**r* t** **rti*i**t* v*li**tion lo*i* ****pts prop*rly *onstru*t** **rti*i**t*s *rom *ny **rti*i**t* *ut*ority (**) wit*out prop*rly v*ri*yin* t** trust ***in. T*is *l*w *llows * m*li*ious **tor to

Reasoning

No *n*lysis *v*il**l*

6.8

Basic Information

Concerned about an active attack path?

CVE-2025-9708: Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain

6.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI