CVE-2021-25737 Overview
CVE-2021-25737 is a security issue in Kubernetes that allows a user to redirect pod traffic to private networks on a Node. Kubernetes prevents the creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. An authenticated user with permission to create EndpointSlice objects can abuse the missing check to influence pod network traffic. The flaw is tracked under CWE-184 (Incomplete List of Disallowed Inputs) and CWE-601 (URL Redirection to Untrusted Site).
Critical Impact
Authenticated users able to create EndpointSlice resources can redirect Service traffic to loopback or link-local addresses on a Node, exposing Node-local services that the Endpoints IP validation was meant to keep unreachable from pods.
Affected Products
- Kubernetes kube-apiserver versions 1.16.0 through 1.18.18
- Kubernetes versions 1.19.0 through 1.19.10
- Kubernetes versions 1.20.0 through 1.20.6 and 1.21.0
Discovery Timeline
- 2021-09-06 - CVE CVE-2021-25737 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2021-25737
Vulnerability Analysis
Kubernetes uses Endpoints and EndpointSlice resources to expose the network locations backing a Service. The kube-apiserver validation for Endpoints (ValidateNonSpecialIP) rejects the unspecified address, loopback (127.0.0.0/8, ::1), link-local unicast (169.254.0.0/16, fe80::/10) and link-local multicast (224.0.0.0/24, ff02::/16) addresses, precisely because link-local addresses are used for Node-centric services such as cloud metadata. EndpointSlice, introduced as a scalable successor to Endpoints, did not apply the equivalent restriction.
A user with permission to create or modify EndpointSlice objects can register backend IPs that point at the Node itself, such as 127.0.0.1 or 169.254.169.254. Because kube-proxy associates a slice with a Service purely through the kubernetes.io/service-name label, the attacker does not need write access to the Service: any additional slice carrying that label is merged into the Service's backend set. Traffic sent to the Service's ClusterIP is then DNATed to the Node-local address, reaching cloud provider metadata endpoints and host-local management services that pod networking normally cannot reach.
Exploitation requires an authenticated account with high privileges (PR:H), namely write access to EndpointSlice objects. The Kubernetes security team rated the issue Low (CVSS 2.7): the impact is limited to what the redirected traffic exposes, with no availability impact.
Root Cause
The root cause is an incomplete denylist [CWE-184]. The kube-apiserver validation for Endpoints blocks the reserved IP ranges, but the validation written separately for EndpointSlice did not replicate that check, so crafted EndpointSlice entries could reference IPs that the Endpoints API would have rejected.
Attack Vector
An attacker with rights to create EndpointSlice objects supplies a backing IP in a normally disallowed range and labels the slice with kubernetes.io/service-name for the target Service. kube-proxy then programs the Node's data plane to forward Service traffic to that IP; since kube-proxy enables route_localnet on the Node, a loopback target is reachable through the DNAT as well. Workloads or cluster components consuming the Service connect to the Node-local target, enabling redirection [CWE-601] to instance metadata services, internal management interfaces, or other private networks reachable from the Node.
No verified proof-of-concept code is published for this issue. See the Kubernetes GitHub issue 102106 and the Kubernetes security announcement for upstream technical details.
Detection Methods for CVE-2021-25737
Indicators of Compromise
- EndpointSlice objects containing addresses in 127.0.0.0/8, 169.254.0.0/16, or other Node-local ranges.
- Service traffic from pods reaching the cloud provider metadata endpoint 169.254.169.254 when no such egress is expected.
- Audit log entries showing create or update actions on discovery.k8s.io/v1 EndpointSlice resources by non-system principals.
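The third indicator, carried out over audit events: the following script is an added example (not code from the Kubernetes project or this advisory) that filters kube-apiserver audit log lines for create, update or patch requests on discovery.k8s.io EndpointSlices made by principals other than the controllers that normally manage them. Field names follow the audit.k8s.io/v1 Event schema; the allowlist of writers and the four sample events are constructed for the example.

```python
"""Flag EndpointSlice writes by non-controller principals in kube-apiserver audit logs.
Added example; the allowlist and sample events are constructed, not from a real cluster."""
import json

MUTATING_VERBS = {"create", "update", "patch"}

# Principals expected to write EndpointSlices. kube-controller-manager runs the
# endpointslice controllers; with --use-service-account-credentials it acts as the
# per-controller service accounts instead. Extend for CNI or mesh components that
# legitimately manage slices in your cluster (constructed allowlist).
ALLOWED_WRITERS = frozenset({
    "system:kube-controller-manager",
    "system:serviceaccount:kube-system:endpointslice-controller",
    "system:serviceaccount:kube-system:endpointslicemirroring-controller",
})


def is_endpointslice_write(event):
    """True for a completed create/update/patch on discovery.k8s.io endpointslices."""
    ref = event.get("objectRef") or {}
    return (
        event.get("stage") == "ResponseComplete"
        and event.get("verb") in MUTATING_VERBS
        and ref.get("apiGroup") == "discovery.k8s.io"
        and ref.get("resource") == "endpointslices"
    )


def detect_endpointslice_writes(lines, allowed=ALLOWED_WRITERS):
    """Return one finding per EndpointSlice write not made by an allowed principal.
    Denied (403) attempts are kept as well: they show who is probing for the permission."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except ValueError:
            continue  # interleaved non-JSON log text, not an audit event
        if not is_endpointslice_write(event):
            continue
        user = (event.get("user") or {}).get("username", "")
        if user in allowed:
            continue
        code = (event.get("responseStatus") or {}).get("code", 0)
        ref = event["objectRef"]
        findings.append({
            "time": event.get("requestReceivedTimestamp"),
            "user": user,
            "verb": event["verb"],
            "namespace": ref.get("namespace"),
            "name": ref.get("name"),
            "outcome": "allowed" if 200 <= code < 300 else "denied",
            "source": ", ".join(event.get("sourceIPs") or []),
        })
    return findings


def scan_audit_log(text):
    """Run detection over a JSON-lines audit log given as one string."""
    return detect_endpointslice_writes(text.splitlines())


# Constructed sample: a controller write (benign), a workload service account
# creating an extra slice (suspicious), a read by a user (ignored) and a denied patch.
SAMPLE_AUDIT_LOG = """
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"c0a1","stage":"ResponseComplete","requestURI":"/apis/discovery.k8s.io/v1/namespaces/shop/endpointslices","verb":"create","user":{"username":"system:kube-controller-manager","groups":["system:authenticated"]},"sourceIPs":["10.0.0.10"],"objectRef":{"resource":"endpointslices","namespace":"shop","name":"web-abc12","apiGroup":"discovery.k8s.io","apiVersion":"v1"},"responseStatus":{"code":201},"requestReceivedTimestamp":"2021-05-20T10:00:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"c0a2","stage":"ResponseComplete","requestURI":"/apis/discovery.k8s.io/v1/namespaces/shop/endpointslices","verb":"create","user":{"username":"system:serviceaccount:shop:ci-deployer","groups":["system:serviceaccounts","system:authenticated"]},"sourceIPs":["10.244.3.7"],"objectRef":{"resource":"endpointslices","namespace":"shop","name":"web-extra","apiGroup":"discovery.k8s.io","apiVersion":"v1"},"responseStatus":{"code":201},"requestReceivedTimestamp":"2021-05-20T10:05:12.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"c0a3","stage":"ResponseComplete","requestURI":"/apis/discovery.k8s.io/v1/namespaces/shop/endpointslices?limit=500","verb":"list","user":{"username":"alice","groups":["devs","system:authenticated"]},"sourceIPs":["192.0.2.5"],"objectRef":{"resource":"endpointslices","namespace":"shop","apiGroup":"discovery.k8s.io","apiVersion":"v1"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2021-05-20T10:06:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"c0a4","stage":"ResponseComplete","requestURI":"/apis/discovery.k8s.io/v1/namespaces/shop/endpointslices/web-extra","verb":"patch","user":{"username":"alice","groups":["devs","system:authenticated"]},"sourceIPs":["192.0.2.5"],"objectRef":{"resource":"endpointslices","namespace":"shop","name":"web-extra","apiGroup":"discovery.k8s.io","apiVersion":"v1"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2021-05-20T10:06:30.000000Z"}
"""

if __name__ == "__main__":
    for finding in scan_audit_log(SAMPLE_AUDIT_LOG):
        print(finding)
```

Metadata-level audit events are enough for this check; if the audit policy records RequestObject for endpointslices, the same loop can additionally inspect requestObject.endpoints[].addresses for the disallowed ranges.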
Detection Strategies
- Inspect every EndpointSlice in the cluster with kubectl get endpointslices -A -o json and flag entries whose endpoints[].addresses fall inside loopback or link-local ranges.
- Enable Kubernetes API audit logging and alert on EndpointSlice mutations performed by accounts that do not normally manage Services.
- Deploy an admission controller policy (Kyverno, OPA Gatekeeper) that rejects EndpointSlice objects referencing disallowed CIDRs.
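The first strategy above as a script: an added example, not code from the Kubernetes project or this advisory, that reads the output of kubectl get endpointslices -A -o json and classifies every address against the same special ranges that Endpoints validation rejects (unspecified, loopback, link-local unicast and link-local multicast, for both IPv4 and IPv6). The EndpointSliceList embedded below is constructed for the example.

```python
"""Scan EndpointSlice objects for addresses that Endpoints validation rejects.
Added example, not part of the Kubernetes project; the sample list is constructed."""
import ipaddress
import json

# Link-local multicast is not covered by ipaddress' is_link_local, so check it explicitly.
LINK_LOCAL_MULTICAST = (
    ipaddress.ip_network("224.0.0.0/24"),
    ipaddress.ip_network("ff02::/16"),
)


def classify(address):
    """Return why an address is disallowed (mirroring kube-apiserver's special-IP
    rules for Endpoints), or None if it is an ordinary address."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "unparseable"  # not an IP at all inside an IPv4/IPv6 slice: also worth a look
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:  # 169.254.0.0/16 and fe80::/10
        return "link-local"
    if any(ip in net for net in LINK_LOCAL_MULTICAST):
        return "link-local-multicast"
    return None


def find_suspicious_slices(slice_list):
    """Walk a List of EndpointSlices and return
    (namespace, name, service, address, reason) for every disallowed address."""
    findings = []
    for item in slice_list.get("items", []):
        if item.get("addressType") == "FQDN":
            continue  # FQDN slices carry hostnames, not IPs
        meta = item.get("metadata") or {}
        service = (meta.get("labels") or {}).get("kubernetes.io/service-name", "")
        for endpoint in item.get("endpoints") or []:
            for address in endpoint.get("addresses") or []:
                reason = classify(address)
                if reason is not None:
                    findings.append((meta.get("namespace"), meta.get("name"),
                                     service, address, reason))
    return findings


def scan_json(text):
    """Parse `kubectl get endpointslices -A -o json` output and scan it."""
    return find_suspicious_slices(json.loads(text))


# Constructed sample in the shape kubectl returns: one controller-managed slice with a
# normal pod IP and one extra slice pointing the same Service at the Node itself.
SAMPLE_ENDPOINTSLICES = """
{
  "apiVersion": "v1",
  "kind": "List",
  "items": [
    {
      "apiVersion": "discovery.k8s.io/v1",
      "kind": "EndpointSlice",
      "metadata": {"name": "web-abc12", "namespace": "shop",
                   "labels": {"kubernetes.io/service-name": "web",
                              "endpointslice.kubernetes.io/managed-by": "endpointslice-controller.k8s.io"}},
      "addressType": "IPv4",
      "endpoints": [{"addresses": ["10.244.1.5"], "conditions": {"ready": true}}],
      "ports": [{"name": "http", "port": 8080, "protocol": "TCP"}]
    },
    {
      "apiVersion": "discovery.k8s.io/v1",
      "kind": "EndpointSlice",
      "metadata": {"name": "web-extra", "namespace": "shop",
                   "labels": {"kubernetes.io/service-name": "web"}},
      "addressType": "IPv4",
      "endpoints": [{"addresses": ["127.0.0.1", "169.254.169.254"], "conditions": {"ready": true}}],
      "ports": [{"name": "http", "port": 8080, "protocol": "TCP"}]
    }
  ]
}
"""

if __name__ == "__main__":
    import sys
    # Usage: kubectl get endpointslices -A -o json | python3 scan_slices.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_ENDPOINTSLICES
    for ns, name, svc, addr, reason in scan_json(text):
        print(f"{ns}/{name} (service {svc!r}): {addr} is {reason}")
```

Slices without the managed-by label that nonetheless carry a kubernetes.io/service-name label, like web-extra above, deserve attention even when their addresses are ordinary, since that is the shape an attacker-supplied slice takes.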
Monitoring Recommendations
- Forward kube-apiserver audit logs and Node network flow data into a centralized analytics platform for correlation.
- Monitor pod-to-metadata-service connectivity and alert on unexpected access to 169.254.169.254 from workload namespaces.
- Track RBAC bindings that grant create or patch on endpointslices and review them on a recurring schedule.
How to Mitigate CVE-2021-25737
Immediate Actions Required
- Upgrade kube-apiserver to a fixed release: 1.21.1, 1.20.7, 1.19.11, or 1.18.19 or later.
- Audit existing EndpointSlice objects for disallowed IPs and remove or correct any malicious entries; the upgrade validates only new writes, so objects already stored are not rechecked.
- Restrict RBAC permissions on endpointslices.discovery.k8s.io so only trusted controllers and operators can write them.
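The RBAC review in the last step, as a script: an added example (not code from the Kubernetes project or this advisory) that takes Role, ClusterRole, RoleBinding and ClusterRoleBinding objects in the shape kubectl get ... -o json returns, finds every rule granting create, update or patch on discovery.k8s.io endpointslices, including rules that use the "*" wildcard, and resolves the bindings to the subjects that hold that permission and at what scope. The role and binding objects below are constructed for the example.

```python
"""List RBAC subjects able to create, update or patch EndpointSlices.
Added example; the role and binding objects are constructed, not from a real cluster."""

WRITE_VERBS = {"create", "update", "patch"}


def rule_grants_write(rule):
    """True if one PolicyRule grants a write verb on discovery.k8s.io endpointslices,
    honouring the '*' wildcard in apiGroups, resources and verbs."""
    groups = rule.get("apiGroups") or []
    resources = rule.get("resources") or []
    verbs = rule.get("verbs") or []
    return (
        ("*" in groups or "discovery.k8s.io" in groups)
        and ("*" in resources or "endpointslices" in resources)
        and ("*" in verbs or bool(WRITE_VERBS & set(verbs)))
    )


def roles_granting_write(role_items):
    """Return {(kind, namespace, name)} for every Role/ClusterRole with a granting rule.
    ClusterRoles get an empty namespace so bindings can be matched uniformly."""
    found = set()
    for role in role_items:
        if any(rule_grants_write(r) for r in role.get("rules") or []):
            meta = role["metadata"]
            ns = meta.get("namespace", "") if role["kind"] == "Role" else ""
            found.add((role["kind"], ns, meta["name"]))
    return found


def subjects_with_write(binding_items, granting_roles):
    """Resolve bindings to (subject kind, subject, scope, binding name).
    A ClusterRoleBinding grants cluster-wide; a RoleBinding grants only in its own
    namespace, even when it references a ClusterRole."""
    findings = []
    for binding in binding_items:
        ref = binding.get("roleRef") or {}
        bns = binding["metadata"].get("namespace", "")
        role_ns = bns if ref.get("kind") == "Role" else ""
        if (ref.get("kind"), role_ns, ref.get("name")) not in granting_roles:
            continue
        scope = "cluster-wide" if binding["kind"] == "ClusterRoleBinding" else "namespace " + bns
        for subject in binding.get("subjects") or []:
            name = subject["name"]
            if subject["kind"] == "ServiceAccount":
                name = subject.get("namespace", bns) + "/" + name
            findings.append((subject["kind"], name, scope, binding["metadata"]["name"]))
    return findings


def review(role_items, binding_items):
    """End-to-end: which subjects can write EndpointSlices, and where."""
    return subjects_with_write(binding_items, roles_granting_write(role_items))


# Constructed sample objects (the 'items' of the respective kubectl list output).
SAMPLE_ROLES = [
    {"kind": "ClusterRole", "metadata": {"name": "endpointslice-admin"},
     "rules": [{"apiGroups": ["discovery.k8s.io"], "resources": ["endpointslices"],
                "verbs": ["get", "list", "create", "update"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "slice-reader"},
     "rules": [{"apiGroups": ["discovery.k8s.io"], "resources": ["endpointslices"],
                "verbs": ["get", "list", "watch"]}]},
    {"kind": "Role", "metadata": {"name": "ns-deployer", "namespace": "shop"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
]
SAMPLE_BINDINGS = [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "alice-slices"},
     "roleRef": {"kind": "ClusterRole", "name": "endpointslice-admin"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"kind": "RoleBinding", "metadata": {"name": "ci-deploy", "namespace": "shop"},
     "roleRef": {"kind": "Role", "name": "ns-deployer"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-deployer", "namespace": "shop"}]},
    {"kind": "RoleBinding", "metadata": {"name": "devs-read", "namespace": "shop"},
     "roleRef": {"kind": "ClusterRole", "name": "slice-reader"},
     "subjects": [{"kind": "Group", "name": "devs"}]},
]

if __name__ == "__main__":
    for kind, name, scope, via in review(SAMPLE_ROLES, SAMPLE_BINDINGS):
        print(f"{kind} {name} can write EndpointSlices {scope} (via {via})")
```

This resolves direct grants only. Subjects that can reach the permission indirectly, for example through the bind, escalate or impersonate verbs, or by running a pod under a service account that holds it, need a separate review.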
Patch Information
The Kubernetes project addressed the issue by applying the same special-IP validation used for Endpoints to EndpointSlice addresses in kube-apiserver. Fixed versions are listed in the Kubernetes security announcement. Downstream distributions, including those covered by the NetApp security advisory, shipped corresponding updates.
Workarounds
- Apply an admission policy that denies EndpointSlice objects whose addresses fall in 127.0.0.0/8 or 169.254.0.0/16.
- Limit EndpointSlice write access using RBAC and avoid granting cluster-wide endpointslices permissions to namespace users.
- Block pod egress to the cloud metadata IP 169.254.169.254 with a NetworkPolicy or CNI-level egress rule where workloads do not require it; this limits what a redirect can reach even though the slice itself is still accepted.
# Example Kyverno policy denying disallowed EndpointSlice IPs.
# Kyverno's AnyIn operator compares strings (with * and ? wildcards), not CIDRs,
# so the ranges are written as address prefixes. The IPv6 patterns cover the
# loopback address and the common fe80: link-local prefix only.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: block-endpointslice-localhost
spec:
  validationFailureAction: Enforce
  background: false
  rules:
    - name: deny-loopback-and-linklocal
      match:
        any:
          - resources:
              kinds:
                - EndpointSlice
      validate:
        message: "EndpointSlice addresses in loopback or link-local ranges are not allowed."
        deny:
          conditions:
            any:
              - key: "{{ request.object.endpoints[].addresses[] || `[]` }}"
                operator: AnyIn
                value:
                  - "127.*"
                  - "169.254.*"
                  - "::1"
                  - "fe80:*"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


