Resource exhaustion in Volcano-sh Volcano

CVE-2025-32777

Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause deni…

EPSS: 0.007 (71.3th percentile) — read the EPSS interpretation.

Affected products

Volcano-sh Volcano — versions >= 1.11.0, < 1.11.2, >= 1.10.0-alpha.0, < 1.10.2, < 1.9.1

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

https://github.com/volcano-sh/volcano/security/advisories/GHSA-hg79-fw4p-25p8 (x_refsource_CONFIRM)
https://github.com/volcano-sh/volcano/releases/tag/v1.10.2 (x_refsource_MISC)
https://github.com/volcano-sh/volcano/releases/tag/v1.11.0-network-topology-preview.3 (x_refsource_MISC)
https://github.com/volcano-sh/volcano/releases/tag/v1.11.2 (x_refsource_MISC)
https://github.com/volcano-sh/volcano/releases/tag/v1.12.0-alpha.2 (x_refsource_MISC)
https://github.com/volcano-sh/volcano/releases/tag/v1.9.1 (x_refsource_MISC)