Description

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource selectors. This vulnerability enables privilege escalation and violates the fundamental security boundaries that Capsule is designed to enforce. This vulnerability is fixed in 0.10.4.

INFO

Published Date :

2025-08-18T16:28:51.317Z

Last Modified :

2025-08-18T17:39:07.476Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55205 vulnerability.

Vendors Products
Projectcapsule
  • Capsule
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55205.

URL Resource
https://github.com/projectcapsule/capsule/commit/e1f47feade6e1695b2204407607d07c3b3994f6e cve-icon cve-icon
https://github.com/projectcapsule/capsule/security/advisories/GHSA-fcpm-6mxq-m5vv cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact