Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-r2gh-rgtc-e3h4

Summary Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints (e.g., /api/v1/secret, /api/v1/service) did not enforce authentication, allowing unauthenticated users to access sensitive cluster information such as Secrets and Services directly. Although the web UI required a valid JWT for access, the API itself remained exposed to direct requests without any authentication checks. Any user or entity with network access to the Karmada Dashboard service could exploit this vulnerability to retrieve sensitive data.

Aliases

alias	CVE-2025-62714

alias	GHSA-5qjg-9mjh-4r92

Fixed_packages

url	pkg:golang/github.com/karmada-io/dashboard@0.2.0
purl	pkg:golang/github.com/karmada-io/dashboard@0.2.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/karmada-io/dashboard@0.2.0

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-62714

reference_id

reference_type

scores

value	0.00682
scoring_system	epss
scoring_elements	0.72202
published_at	2026-06-13T12:55:00Z

value	0.00682
scoring_system	epss
scoring_elements	0.72198
published_at	2026-06-14T12:55:00Z

value	0.00682
scoring_system	epss
scoring_elements	0.72106
published_at	2026-06-11T12:55:00Z

value	0.00682
scoring_system	epss
scoring_elements	0.7219
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-62714

reference_url

https://github.com/karmada-io/dashboard

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/karmada-io/dashboard

reference_url

https://github.com/karmada-io/dashboard/pull/271

reference_id

271

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-24T17:29:25Z/

url

https://github.com/karmada-io/dashboard/pull/271

reference_url

https://github.com/karmada-io/dashboard/pull/280

reference_id

280

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-24T17:29:25Z/

url

https://github.com/karmada-io/dashboard/pull/280

reference_url

https://github.com/karmada-io/dashboard/commit/8457b8bb87725e2371a638ca5a255fd2895c70f1

reference_id

8457b8bb87725e2371a638ca5a255fd2895c70f1

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-24T17:29:25Z/

url

https://github.com/karmada-io/dashboard/commit/8457b8bb87725e2371a638ca5a255fd2895c70f1

reference_url

https://github.com/karmada-io/dashboard/commit/d2d04909f25e96b4c20fa6b636c398bd1636ee06

reference_id

d2d04909f25e96b4c20fa6b636c398bd1636ee06

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-24T17:29:25Z/

url

https://github.com/karmada-io/dashboard/commit/d2d04909f25e96b4c20fa6b636c398bd1636ee06

reference_url

https://github.com/karmada-io/dashboard/security/advisories/GHSA-5qjg-9mjh-4r92

reference_id

GHSA-5qjg-9mjh-4r92

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-24T17:29:25Z/

url

https://github.com/karmada-io/dashboard/security/advisories/GHSA-5qjg-9mjh-4r92

reference_url

https://github.com/karmada-io/dashboard/releases/tag/v0.2.0

reference_id

v0.2.0

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-24T17:29:25Z/

url

https://github.com/karmada-io/dashboard/releases/tag/v0.2.0

Weaknesses

cwe_id	862
name	Missing Authorization
description	The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Exploits

Severity_range_score 8.7 - 10.0

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r2gh-rgtc-e3h4

Vulnerability Instance