Platform
go
Component
github.com/gardener/gardener-extension-provider-aws
Fixed in
1.64.1
1.55.1
1.49.1
1.46.1
1.64.0
CVE-2025-59823 describes a critical code injection vulnerability discovered in the gardener.com/gardener-extension-provider-aws component. This flaw arises during infrastructure provisioning when utilizing Terraform, allowing attackers to inject malicious code. The vulnerability impacts versions before 1.64.0, and a patch has been released to address the issue.
The code injection vulnerability in gardener.com/gardener-extension-provider-aws poses a significant threat. An attacker who can influence the Terraform provisioning process can inject arbitrary code into the infrastructure being created. This could lead to complete system compromise, including unauthorized access to sensitive data, modification of system configurations, and the potential for lateral movement within the Gardener cluster. The impact is particularly severe because Terraform is often used for automated infrastructure deployment, making it a prime target for attackers seeking to gain control over the entire environment. Successful exploitation could allow an attacker to establish a persistent foothold and exfiltrate sensitive information.
While specific exploitation details remain limited, the CRITICAL CVSS score indicates a high likelihood of exploitation. The vulnerability's nature – code injection during infrastructure provisioning – makes it a potentially attractive target for attackers. Public proof-of-concept code is currently unavailable, but the potential for widespread impact warrants immediate attention. This CVE was published on 2025-10-23.
Exploit Status
EPSS
0.07% (20% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-59823 is to immediately upgrade to version 1.64.0 or later of gardener.com/gardener-extension-provider-aws. If an immediate upgrade is not feasible due to compatibility concerns or breaking changes, consider implementing stricter input validation and sanitization within your Terraform configurations to prevent malicious code from being injected. Review and audit all Terraform templates and scripts used for infrastructure provisioning. Additionally, restrict access to Terraform state files to prevent unauthorized modifications. After upgrading, verify the fix by attempting to trigger a Terraform provisioning process with a known malicious payload and confirming that it is properly sanitized and rejected.
Update Gardener extensions for AWS to version 1.64.0, Azure to version 1.55.0, OpenStack to version 1.49.0, and GCP to version 1.46.0 or higher. This corrects the code injection vulnerability when using Terraform for infrastructure provisioning. Ensure you update all affected extensions in your Gardener environment.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-59823 is a critical code injection vulnerability affecting gardener.com/gardener-extension-provider-aws versions before 1.64.0. It allows attackers to inject malicious code during Terraform infrastructure provisioning, potentially leading to system compromise.
If you are using gardener.com/gardener-extension-provider-aws versions prior to 1.64.0 and utilize Terraform for infrastructure provisioning, you are potentially affected by this vulnerability.
Upgrade to version 1.64.0 or later of gardener.com/gardener-extension-provider-aws. If immediate upgrade is not possible, implement stricter input validation in your Terraform configurations.
While no active exploitation has been publicly confirmed, the CRITICAL severity and the nature of the vulnerability suggest a high likelihood of exploitation.
Refer to the official Gardener documentation and security advisories for the most up-to-date information regarding CVE-2025-59823: [https://docs.gardener.cloud/security/advisories/](https://docs.gardener.cloud/security/advisories/)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your go.mod file and we'll tell you instantly if you're affected.