Introduction
A single misconfigured extension in a Kubernetes management platform can lead to compromise of entire cloud estates. Project Gardener, a widely adopted open-source system for automating Kubernetes cluster operations across multiple clouds, recently disclosed a critical code injection vulnerability in its provider extensions. This issue impacts AWS, Azure, OpenStack, and GCP integrations, and could allow attackers with administrative project access to take control of seed clusters and all managed shoot clusters.
About Project Gardener: Project Gardener is an open-source Kubernetes cluster management platform originally developed by SAP and now part of the Cloud Native Computing Foundation (CNCF). It enables organizations to automate the lifecycle of Kubernetes clusters across AWS, Azure, GCP, OpenStack, and other providers. Gardener is used by enterprises seeking multi-cloud flexibility and consistent cluster operations at scale.
Technical Information
CVE-2025-59823 is a code injection vulnerability (CWE-94) affecting Gardener's cloud provider extensions for AWS, Azure, OpenStack, and GCP. The flaw is present in the way these extensions handle user-supplied configuration data (specifically the providerConfig field in Infrastructure resources) before passing it to the Terraformer component.
Terraformer is responsible for provisioning cloud infrastructure using Terraform. The vulnerable extensions do not adequately sanitize or validate the providerConfig input, allowing an attacker with administrative privileges in a Gardener project to inject arbitrary code. When Terraformer processes this input, it executes the injected code with the privileges of the seed cluster, which manages all associated shoot clusters.
Root cause:
- Insufficient input validation and sanitization of providerConfig in Infrastructure resources by extension controllers.
- Direct passing of user-controlled configuration to Terraformer, which then executes it as part of the infrastructure provisioning process.
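As an added illustration of the root cause above (this is not Gardener's own code; the InfraConfig fields and the allowlist patterns are assumptions chosen for the example), a strict decode-and-allowlist step in Go of the kind an extension controller could apply to providerConfig before any value is handed to Terraformer:

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net"
	"regexp"
)

// InfraConfig is an assumed minimal providerConfig shape, not the real Gardener type.
type InfraConfig struct {
	VPCID string   `json:"vpcID"`
	Zones []string `json:"zones"`
	CIDR  string   `json:"cidr"`
}

var vpcIDPattern = regexp.MustCompile(`^vpc-[0-9a-f]{8,17}$`)
var zonePattern = regexp.MustCompile(`^[a-z]{2}-[a-z]+-[0-9][a-z]$`)

// ValidateProviderConfig decodes providerConfig strictly (unknown fields rejected)
// and allowlists every string value before anything may be handed to Terraformer.
func ValidateProviderConfig(raw []byte) (*InfraConfig, error) {
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	var cfg InfraConfig
	if err := dec.Decode(&cfg); err != nil {
		return nil, fmt.Errorf("providerConfig is not well-formed: %w", err)
	}
	if !vpcIDPattern.MatchString(cfg.VPCID) {
		return nil, fmt.Errorf("vpcID %q does not match allowlist", cfg.VPCID)
	}
	for _, z := range cfg.Zones {
		if !zonePattern.MatchString(z) {
			return nil, fmt.Errorf("zone %q does not match allowlist", z)
		}
	}
	if _, _, err := net.ParseCIDR(cfg.CIDR); err != nil {
		return nil, fmt.Errorf("cidr %q is invalid: %w", cfg.CIDR, err)
	}
	return &cfg, nil
}

func main() {
	// Constructed sample: a zone value that is not a plain zone name.
	_, err := ValidateProviderConfig([]byte(`{"vpcID":"vpc-0a1b2c3d","zones":["eu-west-1a\" injected"],"cidr":"10.250.0.0/16"}`))
	fmt.Println(err)
}
```

The point is that only typed, pattern-checked values survive to the provisioning step, so free-form text in providerConfig never reaches Terraformer as-is.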
Impact:
- Full compromise of the seed cluster is possible.
- All shoot clusters managed by the compromised seed can be affected.
- The attack requires administrative privileges within a Gardener project, but these are commonly assigned in enterprise environments.
No public code snippets or vulnerable code lines are available in advisories or release notes. The vulnerability is systemic to the extension architecture and Terraformer integration.
Affected Systems and Versions
- Gardener Extension Provider AWS: All versions before 1.64.0
- Gardener Extension Provider Azure: All versions before 1.55.0
- Gardener Extension Provider OpenStack: All versions before 1.49.0
- Gardener Extension Provider GCP: All versions before 1.46.0
Vulnerable configurations:
- Any Gardener installation using Terraformer for infrastructure provisioning with the above provider extensions.
Vendor Security History
Project Gardener has previously addressed privilege escalation and extension-related vulnerabilities, including:
- CVE-2025-47283: Project secret validation bypass leading to privilege escalation.
- CVE-2025-47284: Issues in the gardenlet component affecting cluster management.
The vendor has demonstrated responsible disclosure and coordinated patching across all affected extensions, indicating a mature and responsive security process.