Roi Vazquez

1 exploit Active since Nov 2025
CVE-2025-64171 WRITEUP HIGH WRITEUP
marin3r <= 0.13.3 - Missing Authorization via DiscoveryServiceCertificate
MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is fixed in version 0.13.4.