Description

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints (e.g., /api/v1/secret, /api/v1/service) did not enforce authentication, allowing unauthenticated users to access sensitive cluster information such as Secrets and Services directly. Although the web UI required a valid JWT for access, the API itself remained exposed to direct requests without any authentication checks. Any user or entity with network access to the Karmada Dashboard service could exploit this vulnerability to retrieve sensitive data.

INFO

Published Date :

2025-10-24T15:41:59.899Z

Last Modified :

2025-10-24T17:29:39.462Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-62714 vulnerability.

Vendors Products
Karmada-io
  • Karmada
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62714.

URL Resource
https://github.com/karmada-io/dashboard/commit/8457b8bb87725e2371a638ca5a255fd2895c70f1 cve-icon cve-icon
https://github.com/karmada-io/dashboard/commit/d2d04909f25e96b4c20fa6b636c398bd1636ee06 cve-icon cve-icon
https://github.com/karmada-io/dashboard/pull/271 cve-icon cve-icon
https://github.com/karmada-io/dashboard/pull/280 cve-icon cve-icon
https://github.com/karmada-io/dashboard/releases/tag/v0.2.0 cve-icon cve-icon
https://github.com/karmada-io/dashboard/security/advisories/GHSA-5qjg-9mjh-4r92 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability