CVE-2025-61916 Overview
CVE-2025-61916 is a Server-Side Request Forgery (SSRF) vulnerability affecting Spinnaker, the open source multi-cloud continuous delivery platform. This vulnerability allows authenticated users to fetch data from remote URLs, which can then be injected into Spinnaker pipelines through Helm or other methods to extract sensitive information including cloud metadata and authentication credentials.
Critical Impact
Attackers can exploit this SSRF vulnerability to access internal network resources, extract cloud provider metadata (such as AWS IMDSv1 authentication data), and potentially expose credentials to arbitrary endpoints including GitHub authentication headers.
Affected Products
- Spinnaker versions prior to 2025.1.6
- Spinnaker versions prior to 2025.2.3
- Spinnaker versions prior to 2025.3.0
Discovery Timeline
- 2026-01-05 - CVE-2025-61916 published to NVD
- 2026-01-08 - Last updated in NVD database
Technical Details for CVE-2025-61916
Vulnerability Analysis
This SSRF vulnerability exists in Spinnaker's artifact handling functionality. The platform allows various artifact providers including GitHub file artifacts, BitBucket, GitLab, HTTP artifacts, and similar providers to accept user-controlled URLs. When an artifact provider that allows user input is enabled, attackers can craft requests that cause Spinnaker to fetch data from arbitrary URLs, including internal network resources and cloud metadata endpoints.
The vulnerability becomes exploitable when two conditions are met: First, an artifact provider that accepts user input must be enabled (including the "no-auth" HTTP provider that is automatically added when enabling the HTTP artifact provider). Second, a system capable of consuming the artifact output must be present, such as Rosco Helm for fetching values data or Kubernetes account manifests for JSON API responses.
Root Cause
The root cause of this vulnerability is improper input validation (CWE-20) in Spinnaker's artifact URL handling. The platform fails to adequately validate and restrict user-supplied URLs before making server-side requests, allowing attackers to specify arbitrary destinations including internal services and cloud metadata endpoints.
Attack Vector
The attack requires local access with low privileges and no user interaction. An attacker with access to a Spinnaker installation can exploit this vulnerability by:
- Identifying enabled artifact providers that accept user-controlled URLs
- Crafting artifact configurations pointing to internal resources or cloud metadata endpoints
- Triggering pipeline execution that processes these artifacts
- Extracting sensitive data from the artifact responses, including cloud credentials and internal API responses
The vulnerability allows calling internal Spinnaker APIs via GET requests and similar endpoints. Additionally, depending on the artifact type, authentication data may be exposed to arbitrary endpoints (e.g., GitHub authentication headers being sent to attacker-controlled servers).
Detection Methods for CVE-2025-61916
Indicators of Compromise
- Unusual artifact fetch requests to internal IP addresses or cloud metadata endpoints (e.g., 169.254.169.254)
- Pipeline configurations containing suspicious URLs pointing to internal resources
- Unexpected outbound requests from Spinnaker services to non-standard endpoints
- HTTP artifact configurations referencing link-local addresses or internal hostnames
Detection Strategies
- Monitor Spinnaker artifact fetch logs for requests to internal IP ranges and cloud metadata services
- Implement network-level detection for outbound requests from Spinnaker to unexpected destinations
- Audit pipeline configurations for artifact URLs pointing to sensitive internal resources
- Review authentication header exposure patterns in outbound requests
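The pipeline-configuration audit listed above can be scripted. The following Python is an added example, not code from Spinnaker or the advisory: it assumes artifact URLs sit in JSON fields named `reference`, the internal-name suffixes are placeholders to adapt, and the sample pipeline is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Metadata addresses named on this page, and (as an assumption) suffixes that
# mark internal-only hostnames; extend both for your environment.
METADATA_IPS = {"169.254.169.254", "169.254.170.2"}
INTERNAL_SUFFIXES = (".internal", ".local", ".svc")

def classify_url(url):
    """Return why a URL targets an internal destination, or None if it does not."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: flag single-label names and internal suffixes.
        internal = "." not in host or host.endswith(INTERNAL_SUFFIXES)
        return "internal hostname" if internal else None
    if ip.is_link_local:
        return "cloud metadata endpoint" if str(ip) in METADATA_IPS else "link-local address"
    if ip.is_loopback:
        return "loopback address"
    return "private address" if ip.is_private else None

def find_references(node, path="$"):
    """Yield (json_path, value) for every string field named 'reference'."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "reference" and isinstance(value, str):
                yield f"{path}.{key}", value
            else:
                yield from find_references(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_references(item, f"{path}[{i}]")

def audit_pipeline(pipeline):
    """Return (json_path, url, reason) for each artifact URL worth reviewing."""
    return [(p, u, r) for p, u in find_references(pipeline) if (r := classify_url(u))]

# Constructed sample pipeline, not taken from a real deployment.
SAMPLE_PIPELINE = {"name": "deploy-chart", "expectedArtifacts": [
    {"matchArtifact": {"type": "http/file", "reference": "http://169.254.169.254/"}},
    {"matchArtifact": {"type": "github/file", "reference": "https://api.github.com/repos/example/charts"}},
    {"defaultArtifact": {"type": "http/file", "reference": "http://10.0.12.7:8080/status"}}]}

if __name__ == "__main__":
    print(*audit_pipeline(SAMPLE_PIPELINE), sep="\n")
```

Hostnames that resolve to internal addresses through DNS are not caught by this static check, so it complements network-level restrictions rather than replacing them.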
Monitoring Recommendations
- Enable verbose logging for artifact provider operations to capture URL fetch attempts
- Configure alerts for requests to cloud metadata endpoints from Spinnaker services
- Monitor for new HTTP artifact account types being created with permissive URL configurations
- Implement OPA policies to flag pipelines with potentially malicious artifact URLs
How to Mitigate CVE-2025-61916
Immediate Actions Required
- Upgrade Spinnaker to version 2025.1.6, 2025.2.3, or 2025.3.0 or later immediately
- Audit existing artifact configurations for suspicious or overly permissive URL patterns
- Disable HTTP artifact account types that allow arbitrary user input if immediate patching is not possible
- Review pipeline execution logs for evidence of exploitation attempts
Patch Information
The vulnerability is fixed in Spinnaker versions 2025.1.6, 2025.2.3, and 2025.3.0. Users should upgrade to one of these versions or later to remediate the vulnerability. For detailed information about the fix, refer to the GitHub Security Advisory.
Workarounds
- Disable HTTP account types that allow user input of arbitrary URLs (note: this may not be feasible in most production environments)
- Use Git, Docker, and other artifact account types with explicit URL configurations, as these avoid the vulnerability by limiting which artifact URLs can be loaded
- Implement OPA (Open Policy Agent) policies to restrict pipelines from accessing or saving configurations with invalid URLs
- Configure network-level restrictions to block Spinnaker services from accessing cloud metadata endpoints and internal resources
```bash
# Example: Restrict outbound traffic from Spinnaker to metadata endpoints
# Add iptables rules to block access to cloud metadata services
iptables -A OUTPUT -d 169.254.169.254 -j DROP
iptables -A OUTPUT -d 169.254.170.2 -j DROP
```

