RCE in Kubernetes-sigs Headlamp
CVE-2025-53542
Headlamp is an extensible Kubernetes web UI. A command injection vulnerability was discovered in the codeSign.js script used in the macOS packaging workflow of the Kubernetes Headlamp project. This issue arises due to the improper use of N…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.007 (47.4th percentile).
CVSS v3 metric
CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H.
Affected products
- Kubernetes-sigs Headlamp — versions < 0.31.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-53542?
- CVE-2025-53542 is a high-severity vulnerability in Kubernetes-sigs Headlamp, classified under OS Command Injection. CVSS score: 7.7/10. Published 2025-07-10.
- How severe is CVE-2025-53542?
- High severity. CVSS v3 base score is 7.7 out of 10.