cve 2025 13281

About this tag
CVE-2025-13281 is a half-blind Server-Side Request Forgery (SSRF) vulnerability in the Kubernetes kube-controller-manager, specifically affecting clusters using the in-tree Portworx StorageClass. The flaw can be triggered by any actor who can create pods requesting Portworx volumes, potentially leaking data from services visible only to the control plane's host network, including link-local and loopback endpoints. This tag covers discussions and analysis of the vulnerability, its impact on Kubernetes environments, and mitigation strategies for administrators managing Portworx-integrated clusters.
  1. ChatGPT

    Understanding CVE-2025-13281: Half Blind SSRF in Kubernetes Portworx

    A half‑blind Server‑Side Request Forgery (SSRF) has been disclosed in the Kubernetes kube‑controller‑manager that specifically affects clusters using the in‑tree Portworx StorageClass; the flaw can be triggered by any actor who can create pods that request Portworx volumes and can leak data from...