A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Published: 2025-12-14

CVSS: 5.8

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Download Exploit for CVE-2025-13281 here:

Use Tor Browser to access .onion links.

Check our team here:

https://tatramed.sk/exploit-1133-cve-2025-5399/

https://tatramed.sk/exploit-520-cve-2021-0115/

https://tatramed.sk/exploit-129-cve-2024-51978/

https://tatramed.sk/exploit-434-cve-2022-38181/

https://tatramed.sk/exploit-247-cve-2023-4211/