CVE-2025-29922 Overview
CVE-2025-29922 is a critical authorization bypass vulnerability in kcp, a Kubernetes-like control plane designed for form-factors and use-cases beyond traditional Kubernetes and container workloads. This vulnerability allows attackers to create or delete objects via the APIExport VirtualWorkspace in arbitrary target workspaces for pre-existing resources, bypassing the intended access control mechanisms.
Critical Impact
Attackers with low-level privileges can bypass workspace authorization controls to create and delete objects in any arbitrary workspace, even when no APIBinding exists or when permission claims have been explicitly rejected by workspace owners.
Affected Products
- kcp versions prior to 0.26.3
- kcp versions prior to 0.27.0
Discovery Timeline
- 2025-03-20 - CVE-2025-29922 published to NVD
- 2025-03-20 - Last updated in NVD database
Technical Details for CVE-2025-29922
Vulnerability Analysis
This vulnerability is classified as CWE-285 (Improper Authorization), representing a fundamental flaw in the access control implementation within kcp's APIExport VirtualWorkspace component. The vulnerability allows unauthorized manipulation of resources across workspace boundaries, violating the principle of least privilege that should govern multi-tenant environments.
By design, the APIExport VirtualWorkspace should only permit cross-workspace operations when workspace owners explicitly grant access to API providers through the creation of an APIBinding. This authorization model ensures that workspace isolation is maintained and that API providers cannot manipulate resources without explicit consent from workspace owners.
The vulnerability undermines this security model entirely, allowing attackers to bypass both the APIBinding requirement and any rejected permission claims, effectively granting them unauthorized access to create and delete objects in any target workspace.
Root Cause
The root cause of this vulnerability lies in the improper authorization checks within the APIExport VirtualWorkspace's binding authorizer component. The authorization logic failed to properly validate whether an APIBinding existed in the target workspace or whether the workspace owner had accepted the necessary permission claims before allowing create and delete operations.
The fix introduced a new binding authorizer in pkg/virtual/apiexport/authorizer/binding.go that properly validates APIBinding presence and permission claim acceptance before authorizing cross-workspace operations.
Attack Vector
The attack can be executed remotely over the network by any authenticated user with low-level privileges. No user interaction is required, and the CVSS scope is changed, meaning the impact extends to resources beyond the vulnerable component's own security scope.
An attacker could exploit this vulnerability by:
- Authenticating to the kcp control plane with minimal privileges
- Targeting any arbitrary workspace via the APIExport VirtualWorkspace
- Creating or deleting pre-existing resource types without requiring an APIBinding
- Bypassing explicitly rejected permission claims set by workspace owners
// Security patch introducing proper binding authorization
// Source: https://github.com/kcp-dev/kcp/commit/614ecbf35f11db00f65391ab6fbb1547ca8b5d38
+/*
+Copyright 2025 The KCP Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package authorizer
+
+import (
+ "context"
+ "fmt"
+ "slices"
+ "strings"
+
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/apiserver/pkg/authorization/authorizer"
+ genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
+
+ kcpkubernetesclientset "github.com/kcp-dev/client-go/kubernetes"
+ "github.com/kcp-dev/logicalcluster/v3"
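Review bot: the excerpt stops inside the import block, so the part of binding.go that actually matters for review, the lookup of an APIBinding in the target workspace and the permission-claim acceptance check described under Root Cause, is not visible here; the imports of labels, authorizer and genericapirequest only hint at it. Quote the Authorize method from the linked commit (or at least its decision branches) so the two checks can be verified against the description.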
Source: GitHub Commit Update
Detection Methods for CVE-2025-29922
Indicators of Compromise
- Unexpected object creation or deletion events in workspaces without corresponding APIBinding resources
- API audit logs showing cross-workspace operations from users without proper APIBinding permissions
- Resource modifications in workspaces where permission claims were explicitly rejected
- Unusual activity patterns in the APIExport VirtualWorkspace endpoint
Detection Strategies
- Monitor kcp audit logs for APIExport VirtualWorkspace operations targeting workspaces without valid APIBindings
- Implement alerts for create/delete operations on pre-existing resources across workspace boundaries
- Review API server logs for authorization decisions that may indicate bypass attempts
- Deploy runtime security monitoring to detect anomalous cross-workspace resource manipulation
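The binding check described under Root Cause, written here as a small Go model (added example, not kcp's own pkg/virtual/apiexport/authorizer/binding.go): an operation arriving through an export's virtual workspace is allowed only if the target workspace holds an APIBinding for that export and, for a pre-existing resource, the owner accepted the matching permission claim. Replaying recorded operations through the same function is the check the first detection strategy above describes. Names (APIBinding, Request, the widgets export, the root:tenant-a and root:tenant-b workspaces) and the claim data are constructed for this example.

```go
package main

import (
	"fmt"
	"slices"
)

// APIBinding is a constructed stand-in for kcp's APIBinding: the target workspace
// holding it, the export it binds, and whether each permission claim was accepted.
type APIBinding struct {
	Cluster, Export string
	Claims          map[string]bool // resource -> accepted (true) or rejected (false)
}

// Request is a create/delete entering through the APIExport virtual workspace of
// Export and aimed at Resource inside the target workspace Cluster.
type Request struct{ Export, Cluster, Resource string }

// exported lists the resources each export defines itself (constructed data).
var exported = map[string][]string{"widgets": {"widgets"}}

// Authorize applies the two checks the fix adds: an APIBinding for the export must
// exist in the target workspace, and a pre-existing resource reached through a
// permission claim must have that claim accepted by the workspace owner.
func Authorize(bindings []APIBinding, r Request) (bool, string) {
	i := slices.IndexFunc(bindings, func(b APIBinding) bool {
		return b.Cluster == r.Cluster && b.Export == r.Export
	})
	if i < 0 {
		return false, "no APIBinding for this export in target workspace"
	}
	if slices.Contains(exported[r.Export], r.Resource) {
		return true, "resource is defined by the export itself"
	}
	accepted, claimed := bindings[i].Claims[r.Resource]
	switch {
	case !claimed:
		return false, "resource not covered by a permission claim"
	case !accepted:
		return false, "permission claim rejected by workspace owner"
	}
	return true, "permission claim accepted"
}

func main() {
	// Constructed: tenant-a bound widgets, accepted configmaps, rejected secrets.
	bindings := []APIBinding{{Cluster: "root:tenant-a", Export: "widgets",
		Claims: map[string]bool{"configmaps": true, "secrets": false}}}
	for _, r := range []Request{{"widgets", "root:tenant-a", "configmaps"},
		{"widgets", "root:tenant-a", "secrets"}, {"widgets", "root:tenant-b", "configmaps"}} {
		ok, why := Authorize(bindings, r)
		fmt.Printf("%+v allowed=%t (%s)\n", r, ok, why)
	}
}
```

Any recorded operation for which Authorize returns false is one the vulnerable versions would have let through and is worth investigating in the audit trail.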
Monitoring Recommendations
- Enable comprehensive audit logging for all APIExport VirtualWorkspace operations
- Configure alerting thresholds for cross-workspace operations exceeding baseline activity
- Implement workspace inventory tracking to detect unauthorized resource creation or deletion
- Regularly audit APIBinding configurations across all workspaces to establish normal patterns
How to Mitigate CVE-2025-29922
Immediate Actions Required
- Upgrade kcp to version 0.26.3 or 0.27.0 immediately to address this vulnerability
- Audit all workspaces for unauthorized resource modifications that may have occurred prior to patching
- Review API audit logs for evidence of exploitation attempts
- Verify APIBinding configurations across all workspaces to ensure proper access controls
Patch Information
The kcp development team has released security patches in versions 0.26.3 and 0.27.0. The fix introduces a proper binding authorizer that validates APIBinding presence and permission claim acceptance before authorizing cross-workspace create and delete operations.
For detailed patch information, refer to:
Workarounds
- Restrict network access to the kcp control plane to trusted users and services only
- Implement additional network-level access controls to limit APIExport VirtualWorkspace exposure
- Monitor and audit all cross-workspace operations until patches can be applied
- Consider temporarily disabling APIExport functionality if not operationally required
# Verify kcp version after upgrade
kcp version
# Check for vulnerable versions
kubectl get deployment -n kcp-system -o jsonpath='{.items[*].spec.template.spec.containers[*].image}'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.