CVE-2025-41240 Mounted Kubernetes Secrets under a predictable path located within the web server document root

🗓️ 24 Jul 2025 06:42:25Reported by vmwareType

Kubernetes Secrets mounted in web server root may allow unauthenticated access to sensitive data.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2025-41240	24 Jul 202506:42	–	attackerkb
Circl	CVE-2025-41240	29 Jul 202503:42	–	circl
CNNVD	Rucio Helm Charts 安全漏洞	24 Jul 202500:00	–	cnnvd
CVE	CVE-2025-41240	24 Jul 202506:42	–	cve
EUVD	EUVD-2025-22486	3 Oct 202520:07	–	euvd
NVD	CVE-2025-41240	24 Jul 202507:15	–	nvd
OSV	BIT-APPSMITH-2025-41240	23 Jul 202514:00	–	osv
OSV	BIT-DRUPAL-2025-41240	23 Jul 202514:00	–	osv
OSV	BIT-WORDPRESS-2025-41240	23 Jul 202514:00	–	osv
Positive Technologies	PT-2025-30604 · Bitnami · Appsmith +2	23 Jul 202500:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "packageName": "bitnamicharts/appsmith",
    "product": "bitnamicharts/appsmith",
    "vendor": "VMware",
    "versions": [
      {
        "lessThanOrEqual": "22.0.4",
        "status": "affected",
        "version": "21.2.0",
        "versionType": "Helm"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "bitnamicharts/drupal",
    "product": "bitnamicharts/drupal",
    "vendor": "VMware",
    "versions": [
      {
        "lessThan": "6.0.19",
        "status": "affected",
        "version": "5.2.0",
        "versionType": "Helm"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "bitnamicharts/wordpress",
    "product": "bitnamicharts/wordpress",
    "vendor": "VMware",
    "versions": [
      {
        "lessThan": "25.0.4",
        "status": "affected",
        "version": "24.2.0",
        "versionType": "Helm"
      }
    ]
  }
]

Source	Link
github	www.github.com/bitnami/charts/security/advisories/GHSA-wgg9-9qgw-529w

24 Jul 2025 06:42Current

CVSS 3.110

EPSS0.00696