CVE-2025-58366 Overview
CVE-2025-58366 is a critical information disclosure vulnerability affecting Onyxia, a data science environment for Kubernetes. The Onyxia-API component leaks credentials of private Helm repositories through the public (unauthenticated) /public/catalogs endpoint. This vulnerability exposes sensitive authentication credentials to any unauthenticated attacker who can reach the API endpoint, potentially compromising private Helm repository access across the organization.
Critical Impact
Unauthenticated attackers can retrieve private Helm repository credentials, enabling unauthorized access to private chart repositories and potential supply chain attacks through compromised Helm charts.
Affected Products
- Onyxia-API versions 4.6.0 through 4.8.0
- Only instances configured with private Helm repositories (using username & password in catalogs configuration)
Discovery Timeline
- September 5, 2025 - CVE-2025-58366 published to NVD
- September 8, 2025 - Last updated in NVD database
Technical Details for CVE-2025-58366
Vulnerability Analysis
This vulnerability represents a sensitive data exposure issue classified under CWE-522 (Insufficiently Protected Credentials). The Onyxia-API component fails to properly sanitize or protect sensitive credential information when responding to requests at the /public/catalogs endpoint. This endpoint is designed to be publicly accessible without authentication, but it improperly includes the username and password configured for private Helm repositories in its responses.
The vulnerability allows remote attackers with network access to the Onyxia-API to enumerate and exfiltrate private Helm repository credentials without any authentication. This could lead to unauthorized access to private chart repositories, theft of proprietary Helm charts, and potential supply chain compromise if attackers modify charts in the private repositories.
Root Cause
The root cause of this vulnerability is insufficiently protected credentials in the API response handling. When administrators configure private Helm repositories with authentication credentials in the catalogs configuration, those credentials are carried along into the JSON response returned by the /public/catalogs endpoint. The API fails to filter the sensitive fields (username and password) before serializing and returning the catalog configuration to unauthenticated requesters.
Attack Vector
The attack vector is network-based and requires no user interaction or authentication. An attacker simply needs network access to the Onyxia-API endpoint. The attack can be executed by sending a standard HTTP GET request to the /public/catalogs endpoint and parsing the response for credential information.
The exploitation is straightforward: an unauthenticated attacker makes a request to the vulnerable endpoint and receives the complete catalog configuration, including any private Helm repository credentials. The attacker can then use these credentials to access the private Helm repositories directly, potentially downloading proprietary charts or, if write access is configured, uploading malicious charts.
Detection Methods for CVE-2025-58366
Indicators of Compromise
- Unexpected or high-volume requests to the /public/catalogs endpoint from external IP addresses
- Authentication attempts to private Helm repositories from unrecognized IP addresses or locations
- Access logs showing enumeration patterns against the Onyxia-API endpoints
- Unauthorized downloads or modifications in private Helm repository audit logs
Detection Strategies
- Monitor access logs for the /public/catalogs endpoint and alert on requests from untrusted sources
- Implement network monitoring to detect unusual outbound connections to Helm repository URLs
- Review private Helm repository access logs for authentication from IP addresses that don't match known Onyxia instances
- Deploy web application firewall (WAF) rules to monitor and log access patterns to API endpoints
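The first detection strategy above, worked as an added example rather than anything from the Onyxia project: parse access logs from a reverse proxy or ingress in front of Onyxia-API (combined log format assumed), keep only requests that hit /public/catalogs, and count those coming from outside trusted networks. The sample log lines, the trusted ranges and the proxy log format are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: these are the internal ranges where legitimate Onyxia users live.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("192.168.0.0/16")]

# Combined log format as written by nginx/ingress in front of Onyxia-API (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+')

# Constructed sample: one internal hit, two hits from an untrusted address, one unrelated request.
SAMPLE_LOG = """\
10.0.3.7 - - [05/Sep/2025:10:01:12 +0000] "GET /public/catalogs HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [05/Sep/2025:10:02:40 +0000] "GET /public/catalogs HTTP/1.1" 200 5120 "-" "curl/8.4.0"
198.51.100.23 - - [05/Sep/2025:10:02:41 +0000] "GET /public/catalogs/ HTTP/1.1" 200 5120 "-" "curl/8.4.0"
192.168.4.2 - - [05/Sep/2025:10:03:05 +0000] "GET /public/configuration HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

def is_trusted(ip: str) -> bool:
    """True when the client address falls inside one of TRUSTED_NETWORKS."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)

def find_catalog_requests(log_text: str) -> list[dict]:
    """Parse the log and return every request whose path is /public/catalogs (trailing slash and query ignored)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?")[0].rstrip("/")
        if path == "/public/catalogs":
            hits.append(m.groupdict())
    return hits

def untrusted_catalog_hits(log_text: str) -> Counter:
    """Count /public/catalogs requests per client IP that is outside TRUSTED_NETWORKS."""
    return Counter(h["ip"] for h in find_catalog_requests(log_text) if not is_trusted(h["ip"]))

if __name__ == "__main__":
    for ip, n in untrusted_catalog_hits(SAMPLE_LOG).items():
        print(f"ALERT: {n} /public/catalogs request(s) from untrusted address {ip}")
```

On a vulnerable instance every such hit should be treated as a likely credential disclosure and feed the rotation and audit steps under the mitigation section.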
Monitoring Recommendations
- Enable detailed logging for all Onyxia-API endpoints, particularly public-facing ones
- Set up alerts for credential usage from new or unexpected IP addresses in Helm repository systems
- Conduct periodic reviews of /public/catalogs endpoint responses to ensure no sensitive data leakage
- Implement anomaly detection for API request patterns to identify potential reconnaissance activity
How to Mitigate CVE-2025-58366
Immediate Actions Required
- Upgrade Onyxia-API to version 4.9.0 or later immediately
- Rotate all credentials configured for private Helm repositories
- Review access logs for the /public/catalogs endpoint to identify potential unauthorized access
- Audit private Helm repositories for any unauthorized modifications or access
- Temporarily restrict network access to the Onyxia-API if immediate upgrade is not possible
Patch Information
The vulnerability has been patched in Onyxia-API version 4.9.0. The fix ensures that sensitive credential information is properly sanitized from API responses before being returned to callers. Organizations should upgrade to version 4.9.0 or later as soon as possible.
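The filtering step the fix adds, and the periodic review of /public/catalogs responses recommended under Monitoring Recommendations, shown as an added example. This is not Onyxia-API's own code (which is Java); the catalog JSON shape and the "username"/"password" field names are assumptions based on this advisory, and the sample configuration is constructed.

```python
import json

# Fields that must never reach an unauthenticated caller (assumption: the catalog
# entry carries the repository login as "username"/"password", as the advisory states).
SENSITIVE_KEYS = {"username", "password"}

# Constructed stand-in for a catalogs configuration; the real Onyxia JSON may differ.
CATALOGS_CONFIG = {
    "catalogs": [
        {"id": "public-charts", "location": "https://charts.example.org", "type": "helm"},
        {"id": "private-charts", "location": "https://helm.internal.example",
         "type": "helm", "username": "ci-bot", "password": "example-secret"},
    ]
}

def redact_credentials(obj):
    """Return a copy of obj with every SENSITIVE_KEYS field removed, at any nesting depth."""
    if isinstance(obj, dict):
        return {k: redact_credentials(v) for k, v in obj.items() if k not in SENSITIVE_KEYS}
    if isinstance(obj, list):
        return [redact_credentials(v) for v in obj]
    return obj

def serialize_catalogs_vulnerable(config) -> str:
    """Pre-4.9.0 behaviour as the advisory describes it: the configuration is dumped as-is."""
    return json.dumps(config)

def serialize_catalogs_fixed(config) -> str:
    """Hardened form: credentials are stripped before the response body is serialized."""
    return json.dumps(redact_credentials(config))

def find_leaked_fields(payload: str) -> list[str]:
    """Walk a JSON response body and return JSONPath-like locations of any sensitive key.
    Run this against a live /public/catalogs response as a periodic leakage check."""
    def walk(node, where):
        if isinstance(node, dict):
            for k, v in node.items():
                if k in SENSITIVE_KEYS:
                    yield f"{where}.{k}"
                yield from walk(v, f"{where}.{k}")
        elif isinstance(node, list):
            for i, v in enumerate(node):
                yield from walk(v, f"{where}[{i}]")
    return list(walk(json.loads(payload), "$"))

if __name__ == "__main__":
    print("vulnerable:", find_leaked_fields(serialize_catalogs_vulnerable(CATALOGS_CONFIG)))
    print("fixed:     ", find_leaked_fields(serialize_catalogs_fixed(CATALOGS_CONFIG)))
```

An empty result from find_leaked_fields on the real endpoint is the condition to check for after upgrading; a non-empty one means the instance is still exposing repository logins.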
For detailed patch information, refer to:
Workarounds
- Restrict network access to the Onyxia-API using firewall rules or network segmentation until the patch can be applied
- Remove or temporarily disable private Helm repository configurations that include credentials
- Implement a reverse proxy to filter or block access to the /public/catalogs endpoint from untrusted networks
- If possible, migrate to credential-less authentication methods such as service accounts or managed identities for Helm repository access
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.