
CVE-2025-5187: Kubernetes Privilege Escalation Vulnerability

CVE-2025-5187 is an authorization bypass in the Kubernetes NodeRestriction admission controller that lets a node delete its own Node object: a kubelet can patch an OwnerReference onto its Node, and the garbage collector then removes the Node once the referenced owner turns out to be absent. This article covers the technical details, affected configurations, detection, and mitigations.

Published: April 1, 2026

CVE-2025-5187 Overview

The NodeRestriction admission controller in kube-apiserver is meant to confine a kubelet to a narrow set of changes on its own Node object. Before the fix for CVE-2025-5187 it did not stop a node from patching metadata.ownerReferences on that object. A principal holding node credentials can therefore add an OwnerReference that points at a cluster-scoped resource which does not exist, or which the attacker expects to be deleted. The Kubernetes garbage collector deletes dependents whose owners are all absent, so once it finds the referenced owner missing it deletes the Node object, an action the node's own permissions would never allow directly.

The weakness is classified as CWE-863 (Incorrect Authorization): the admission controller did not validate the ownerReferences field in node self-updates, so a node could establish an ownership relationship it was never authorized to create and turn the garbage collector into a deletion primitive.

Critical Impact

An attacker holding a kubelet's credentials can have the garbage collector delete that node's Node object. The control plane then deletes the pods bound to the vanished node, and when the kubelet re-registers it recreates the Node with only the labels and taints the kubelet sets itself, so any taint, cordon or label an administrator had applied to that node is lost. The direct impact is the availability of the node's workloads; the re-registration path is what makes this an authorization bypass rather than a plain denial of service.

Affected Products

  • The NodeRestriction admission plugin in kube-apiserver, which is in the API server's default set of enabled admission plugins; see the Kubernetes security announcement for the exact affected and fixed kube-apiserver versions
  • Any cluster in which an attacker can obtain a kubelet's client credentials, for example by compromising a node or from a workload that can read the kubelet's kubeconfig or client certificate off the host filesystem
  • Multi-tenant clusters are the most exposed: a tenant who gains node-level access on a shared node can disrupt other tenants' workloads and shed scheduling restrictions applied to that node

Discovery Timeline

  • 2025-08-27 - CVE CVE-2025-5187 published to NVD
  • 2025-08-29 - Last updated in NVD database

Technical Details for CVE-2025-5187

Vulnerability Analysis

The vulnerability resides in the NodeRestriction admission controller, the kube-apiserver plugin that confines each kubelet to its own Node object and to the Pods bound to that node. The plugin already forbids a kubelet from deleting its Node object and restricts which labels it may set, so that a compromised node cannot change how the scheduler treats it; this issue is an indirect route around the first of those rules.

The core issue is missing validation of OwnerReference changes. In Kubernetes an OwnerReference declares that one object depends on another, and when the owner is gone the garbage collector removes the dependents (unless the owner was deleted with the orphan propagation policy). Before the fix, NodeRestriction did not reject a node self-update that set arbitrary OwnerReferences on the Node object, even though a Node has no legitimate owner.

An attacker holding kubelet credentials patches the node's own Node object to add an OwnerReference whose kind is cluster-scoped (a Node is cluster-scoped, and the garbage collector only honours cluster-scoped owners for cluster-scoped dependents) and whose name or uid matches no live object, or that names an object the attacker expects to be deleted. The garbage collector resolves each owner by kind, name and uid; when it finds every owner of the Node absent, it deletes the Node itself, under the garbage collector's own service account identity rather than the node's.

Root Cause

The root cause is incorrect authorization in the NodeRestriction admission controller (CWE-863). The plugin did not restrict modifications to metadata.ownerReferences when the requester was a node updating its own Node object, so a node could create an ownership relationship to a cluster-scoped resource that it was never authorized to create, and thereby use the garbage collector to delete an object it is forbidden from deleting directly.

Attack Vector

The attack is carried out over the network against the Kubernetes API server and requires high privileges: the attacker must hold valid kubelet credentials or otherwise be able to authenticate as a node (user system:node:<name> in group system:nodes). With those, the attacker submits a PATCH to the node's own Node object that sets metadata.ownerReferences to a non-existent cluster-scoped object, or to one the attacker knows will be deleted. When the garbage collector next processes that Node and finds no live owner, it deletes the Node as part of its normal dependent cleanup.

No user interaction is required and scope is unchanged. The immediate effect is loss of the Node object and of the pods bound to it, so workloads on that node are disrupted. The CVSS vector below nonetheless rates confidentiality and integrity impact as high rather than availability alone: a kubelet whose Node object has been deleted re-registers and recreates it with only the metadata the kubelet sets itself, so any taint or cordon an administrator had used to keep workloads off a suspect node is gone, and the scheduler can again place new pods, with their secrets and service account tokens, onto attacker-controlled hardware.

Detection Methods for CVE-2025-5187

Indicators of Compromise

  • PATCH requests on Node objects in the API audit log whose body touches metadata.ownerReferences, especially from a node identity (user system:node:<name>) targeting its own Node
  • Node objects that carry any OwnerReference at all; a Node normally has none
  • Node deletions in the audit log issued by the garbage collector's identity, system:serviceaccount:kube-system:generic-garbage-collector, rather than by an administrator or a node-lifecycle component such as a cloud controller or cluster autoscaler
  • On a patched cluster the same PATCH attempts appear with a 403 response from NodeRestriction; treat those as a compromised node probing for this issue

Detection Strategies

  • Enable API audit logging for the nodes resource at Request level or higher so the PATCH body is recorded, and alert on any body that contains metadata.ownerReferences
  • Correlate garbage-collector deletes of Node objects with an earlier ownerReferences PATCH on the same node; that pair is the signature of this issue
  • Add an OPA Gatekeeper or Kyverno policy that reports (or denies) OwnerReferences on Node objects, and treat any violation as an incident, since a Node is not legitimately owned by anything
  • The garbage collector runs inside kube-controller-manager, and its deletes appear in the API audit log under the generic-garbage-collector service account, which is easier to query than controller-manager logs

Monitoring Recommendations

  • Configure the audit policy to log mutations of the nodes resource at Request or RequestResponse level; at Metadata level the patch body is not recorded and the indicators above are invisible
  • Set up SIEM alerts for OwnerReference modifications on Node objects and for Node deletes by the garbage collector identity
  • Implement continuous monitoring for node count anomalies and for nodes that re-register without the labels and taints they previously carried
  • Review kubelet authentication and authorization (the Node authorizer together with NodeRestriction) and confirm that no other principal shares or can read node credentials
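The audit-log check the indicators and strategies above call for, as an added Python example (not code from the page or from the Kubernetes project). It runs over a constructed sample of kube-apiserver audit events rather than a real log, and assumes the audit policy records the nodes resource at Request level or higher so that requestObject (the PATCH body) is present. It flags PATCHes to Node objects that touch metadata.ownerReferences, whether sent as a merge patch or a JSON patch, records whether the server accepted them, and pairs garbage-collector Node deletes with an earlier accepted patch on the same node.

```python
import json

# Identity under which kube-controller-manager's garbage collector deletes
# dependents; a Node delete by this user is the tail end of the attack.
GC_USER = "system:serviceaccount:kube-system:generic-garbage-collector"
NODE_GROUPS = ["system:nodes"]


def _event(ts, user, groups, verb, node, body=None, code=200):
    """Build a minimal audit event in the shape kube-apiserver writes (constructed)."""
    ev = {"stage": "ResponseComplete", "verb": verb, "requestReceivedTimestamp": ts,
          "user": {"username": user, "groups": groups},
          "objectRef": {"resource": "nodes", "name": node},
          "responseStatus": {"code": code}}
    if body is not None:
        ev["requestObject"] = body
    return ev

# Constructed sample audit log (JSON Lines), not real cluster data. Events 3 and 5 are
# the footprint of CVE-2025-5187 abuse; event 4 is the same attempt as a JSON patch,
# rejected with 403 by a patched server.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    _event("2025-08-28T10:00:00Z", "system:node:worker-1", NODE_GROUPS, "patch",
           "worker-1", {"status": {"conditions": []}}),              # routine kubelet patch
    _event("2025-08-28T10:01:00Z", "kubernetes-admin", ["system:masters"], "patch",
           "worker-1", {"metadata": {"labels": {"tier": "batch"}}}),  # admin relabels node
    _event("2025-08-28T10:02:00Z", "system:node:worker-1", NODE_GROUPS, "patch",
           "worker-1", {"metadata": {"ownerReferences": [{"apiVersion": "v1",
                        "kind": "Namespace", "name": "no-such-ns",
                        "uid": "00000000-0000-0000-0000-000000000000"}]}}),
    _event("2025-08-28T10:03:00Z", "system:node:worker-2", NODE_GROUPS, "patch",
           "worker-2", [{"op": "add", "path": "/metadata/ownerReferences",
                         "value": [{"apiVersion": "v1", "kind": "Node", "name": "gone",
                                    "uid": "11111111-1111-1111-1111-111111111111"}]}],
           code=403),
    _event("2025-08-28T10:02:41Z", GC_USER, ["system:serviceaccounts"], "delete",
           "worker-1"),                                               # GC removes the node
])


def parse_events(audit_jsonl):
    """Yield ResponseComplete events; the RequestReceived stage duplicates them."""
    for line in filter(str.strip, audit_jsonl.splitlines()):
        ev = json.loads(line)
        if ev.get("stage") == "ResponseComplete":
            yield ev


def touches_owner_references(request_object):
    """True if a PATCH body changes metadata.ownerReferences: merge/strategic
    patches arrive as an object, RFC 6902 JSON patches as a list of operations."""
    if isinstance(request_object, dict):
        return "ownerReferences" in (request_object.get("metadata") or {})
    if isinstance(request_object, list):
        return any(str(op.get("path", "")).startswith("/metadata/ownerReferences")
                   for op in request_object if isinstance(op, dict))
    return False


def find_owner_reference_patches(events):
    """One finding per PATCH on a Node whose body touches ownerReferences."""
    findings = []
    for ev in events:
        ref = ev.get("objectRef") or {}
        if ref.get("resource") != "nodes" or ev.get("verb") != "patch":
            continue
        if not touches_owner_references(ev.get("requestObject")):
            continue
        user, node = ev.get("user") or {}, ref.get("name", "")
        code = (ev.get("responseStatus") or {}).get("code")
        findings.append({
            "time": ev.get("requestReceivedTimestamp"), "node": node,
            "user": user.get("username", ""),
            # kubelets authenticate as system:node:<name> in group system:nodes
            "node_self_patch": (user.get("username") == f"system:node:{node}"
                                or "system:nodes" in user.get("groups", [])),
            "accepted": code is not None and code < 300,  # 403: NodeRestriction blocked it
        })
    return findings


def find_gc_node_deletions(events):
    """Node deletes issued by the garbage collector rather than a person or controller."""
    return [{"time": ev.get("requestReceivedTimestamp"), "node": ev["objectRef"]["name"]}
            for ev in events
            if ev.get("verb") == "delete"
            and (ev.get("objectRef") or {}).get("resource") == "nodes"
            and (ev.get("user") or {}).get("username") == GC_USER]


def correlate(audit_jsonl):
    """Pair each GC Node delete with an earlier accepted ownerReferences patch on the
    same node; that pair is the signature of CVE-2025-5187 exploitation."""
    events = list(parse_events(audit_jsonl))
    patches = find_owner_reference_patches(events)
    deletions = find_gc_node_deletions(events)
    for d in deletions:
        d["preceded_by_owner_ref_patch"] = any(
            p["node"] == d["node"] and p["accepted"] and p["time"] <= d["time"]
            for p in patches)
    return patches, deletions


if __name__ == "__main__":
    found_patches, found_deletions = correlate(SAMPLE_AUDIT_LOG)
    for finding in found_patches + found_deletions:
        print(finding)
```

Point correlate() at the contents of the API server's audit log file to run it against real data. Attempts that come back with a 403 are still worth an alert: on a patched cluster they show a node identity probing for this issue.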

How to Mitigate CVE-2025-5187

Immediate Actions Required

  • Review Kubernetes API audit logs for PATCH operations on Node objects that touch metadata.ownerReferences, and for Node deletes issued by the garbage collector identity
  • Until the API server is upgraded, add an admission policy (OPA Gatekeeper, Kyverno or a ValidatingAdmissionPolicy) that denies OwnerReference changes on Node objects by node identities
  • Audit where kubelet credentials live and who can read them; a kubeconfig or client certificate readable by a workload on the node is equivalent to a compromised node
  • Restrict which networks can reach the API server; stolen node credentials are only useful to an attacker who can also reach it

Patch Information

Follow the Kubernetes Security Announcements mailing list and the GitHub Issue Discussion for the affected and fixed kube-apiserver versions, and upgrade the API server to a fixed release. The fix lives in the NodeRestriction admission plugin inside kube-apiserver, so upgrading kubelets alone does not help.

Consult your Kubernetes distribution vendor (e.g., GKE, EKS, AKS, OpenShift) for distribution-specific patch availability and guidance.

Workarounds

  • Deploy an OPA Gatekeeper or Kyverno policy, or a ValidatingAdmissionPolicy, that denies any CREATE or UPDATE of a Node object by a node identity when metadata.ownerReferences is set or changed. Nodes authenticate as users (system:node:<name>) in the group system:nodes, not as service accounts, so match on that group. Note that Kyverno's default resourceFilters exclude Node; remove that entry before relying on a Kyverno policy here
  • Keep RBAC around Node objects tight: the Node authorizer already limits a kubelet to its own Node, so make sure no other principal is granted broad patch or delete rights on nodes
  • Turn on audit logging for the nodes resource at Request level or higher before patching so that exploitation attempts are recorded
  • Consider network segmentation that restricts API server access to the node and control-plane networks that need it
```bash
# Audit events for PATCHes on Node objects whose body mentions ownerReferences
# (assumed log path; needs the nodes resource logged at Request level or higher)
jq -c 'select(.objectRef.resource == "nodes" and .verb == "patch" and .stage == "ResponseComplete"
              and ((.requestObject // {}) | tostring | test("ownerReferences")))
       | {time: .requestReceivedTimestamp, user: .user.username, node: .objectRef.name}' \
   /var/log/kubernetes/audit.log

# Node objects that currently carry an ownerReference (a Node should have none)
kubectl get nodes -o json \
  | jq -r '.items[] | select(.metadata.ownerReferences != null) | .metadata.name'
```
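The decision the first workaround above has to encode, whether in a Kyverno or Gatekeeper policy, a ValidatingAdmissionPolicy or a custom validating webhook, written out as an added Python example; it is not code from the page or from the Kubernetes project, and the AdmissionReview inputs are constructed. It denies any CREATE or UPDATE of a Node object by a node identity that sets or changes metadata.ownerReferences, and allows everything else. Because the API server hands a webhook the object as it would look after the patch is applied, the check compares object with oldObject instead of parsing patch syntax; NODE_OWNED is also what a Node looks like once the PATCH described under Attack Vector has gone through.

```python
NODE_GROUP = "system:nodes"
NODE_USER_PREFIX = "system:node:"   # kubelets authenticate as system:node:<nodeName>


def is_node_identity(user_info):
    """True if the requester authenticated as a kubelet (user or group match)."""
    return (user_info.get("username", "").startswith(NODE_USER_PREFIX)
            or NODE_GROUP in user_info.get("groups", []))


def owner_refs(obj):
    """metadata.ownerReferences of an object; [] if absent (oldObject is None on CREATE)."""
    return ((obj or {}).get("metadata") or {}).get("ownerReferences") or []


def review_node_request(review):
    """Return the AdmissionReview response for a Node CREATE or UPDATE.

    Denies a node identity that would set or change ownerReferences on any Node
    (NodeRestriction already limits a kubelet to its own Node, so no need to
    re-check that here). Other principals and other fields are left to RBAC and
    to the built-in NodeRestriction plugin."""
    req = review["request"]
    response = {"uid": req["uid"], "allowed": True}
    if (req.get("kind", {}).get("kind") == "Node"
            and req.get("operation") in ("CREATE", "UPDATE")
            and is_node_identity(req.get("userInfo", {}))
            and owner_refs(req.get("object")) != owner_refs(req.get("oldObject"))):
        response["allowed"] = False
        response["status"] = {
            "code": 403,
            "message": (f"{req['userInfo']['username']} may not set ownerReferences "
                        f"on Node {req.get('name')} (CVE-2025-5187 guard)")}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


def _review(uid, username, groups, operation, old_node, new_node):
    """Constructed AdmissionReview in the shape kube-apiserver sends to a webhook."""
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": uid, "operation": operation,
                        "kind": {"group": "", "version": "v1", "kind": "Node"},
                        "name": (new_node or old_node)["metadata"]["name"],
                        "userInfo": {"username": username, "groups": groups},
                        "oldObject": old_node, "object": new_node}}


# Constructed objects: a bare Node and the same Node after a bogus owner was patched on.
BOGUS_OWNER = [{"apiVersion": "v1", "kind": "Namespace", "name": "no-such-ns",
                "uid": "00000000-0000-0000-0000-000000000000"}]
NODE = {"apiVersion": "v1", "kind": "Node", "metadata": {"name": "worker-1"}}
NODE_OWNED = {"apiVersion": "v1", "kind": "Node",
              "metadata": {"name": "worker-1", "ownerReferences": BOGUS_OWNER}}

# Node adopts an owner: the CVE-2025-5187 pattern, denied.
SELF_ADOPT = _review("1", "system:node:worker-1", ["system:nodes"], "UPDATE", NODE, NODE_OWNED)
# Node reports status; ownerReferences unchanged, allowed.
STATUS_UPDATE = _review("2", "system:node:worker-1", ["system:nodes"], "UPDATE", NODE,
                        {**NODE, "status": {"conditions": []}})
# Node registers with an owner already attached: denied on CREATE as well.
REGISTER_OWNED = _review("3", "system:node:worker-1", ["system:nodes"], "CREATE", None, NODE_OWNED)
# A cluster admin sets the same field: outside this policy's scope, allowed.
ADMIN_ADOPT = _review("4", "kubernetes-admin", ["system:masters"], "UPDATE", NODE, NODE_OWNED)

if __name__ == "__main__":
    for r in (SELF_ADOPT, STATUS_UPDATE, REGISTER_OWNED, ADMIN_ADOPT):
        print(r["request"]["uid"], review_node_request(r)["response"])
```

The same logic maps onto a Kyverno validate rule whose match uses subjects of kind Group named system:nodes with a deny condition on request.object.metadata.ownerReferences, or onto a Gatekeeper constraint template over input.review.userInfo and input.review.object. Whatever enforces it, it is a stopgap: the real fix is the NodeRestriction change shipped in a patched kube-apiserver.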

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • Type: Privilege Escalation (a node obtains a deletion it is not authorized to perform)
  • Vendor/Tech: Kubernetes
  • Severity: MEDIUM
  • CVSS Score: 6.7
  • EPSS Probability: 0.03%
  • Known Exploited: No
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
  • Impact Assessment (as encoded in the CVSS vector)
  • Confidentiality: High
  • Integrity: High
  • Availability: Low
  • CWE References
  • CWE-863: Incorrect Authorization
  • Technical References
  • GitHub Issue Discussion
  • Google Groups Security Announcement
  • Related CVEs
  • CVE-2024-9486: Kubernetes Image Builder Privilege Escalation
  • CVE-2025-7342: Kubernetes Image Builder Privilege Escalation
  • CVE-2023-3893: Kubernetes CSI Proxy Privilege Escalation
  • CVE-2025-4563: Kubernetes Privilege Escalation Vulnerability