Gardener Kubernetes Platform Exposes Critical Privilege Escalation Flaw (CVE-2025-47283)
A critical security vulnerability in the Gardener Kubernetes management platform could allow project administrators to seize control of the underlying seed clusters that manage their workloads. The flaw, tracked as CVE-2025-47283, represents a severe privilege escalation risk within the core `gardener/gardener` component, potentially compromising the entire multi-tenant control plane.
The vulnerability enables any user with administrative privileges over a Gardener project to escalate their access and gain control over the seed cluster(s) hosting their shoot clusters. This trust-boundary breach is independent of the cloud provider: it affects every Gardener installation regardless of the infrastructure underlying the seeds and shoots. The issue impacts all versions prior to the patched releases: v1.116.4, v1.117.5, v1.118.2, and v1.119.0.
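Because the fix shipped on several release branches at once, a flat "older than the newest release" comparison misclassifies versions such as v1.116.4 (fixed) and v1.118.1 (affected). The following branch-aware check is an added example, not code from the Gardener project; the container image references are constructed placeholders, and it assumes that any release branch newer than v1.119.0 carries the fix forward.

```python
import re

# Fixed gardener/gardener releases named in the advisory for CVE-2025-47283.
FIXED_RELEASES = ("v1.116.4", "v1.117.5", "v1.118.2", "v1.119.0")

def parse_version(tag):
    """Turn 'v1.117.3' (optionally with a '-dev' or '+build' suffix) into (1, 117, 3)."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", tag.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {tag!r}")
    return tuple(int(x) for x in m.groups())

def version_from_image(image_ref):
    """Extract the tag from an image reference such as
    'registry.example/gardener/apiserver:v1.117.3' (constructed, hypothetical path)."""
    last_segment = image_ref.rsplit("/", 1)[-1]   # drop registry/repo, keep name:tag
    if ":" not in last_segment:
        raise ValueError(f"image reference has no tag: {image_ref!r}")
    return last_segment.rsplit(":", 1)[-1]

def is_affected(version, fixed=FIXED_RELEASES):
    """Return True if this gardener/gardener version lacks the fix.
    The fix was backported to several branches, so the check is per minor branch:
      - a branch that received its own fix is safe from that patch level up;
      - a branch newer than the newest fixed release is assumed to carry the
        fix forward (assumption, not stated in the advisory);
      - any other branch (older, no backport listed) is affected.
    """
    major, minor, patch = parse_version(version)
    fixes = sorted(parse_version(f) for f in fixed)
    branch_fix = {(fm, fn): fp for fm, fn, fp in fixes}
    if (major, minor) in branch_fix:
        return patch < branch_fix[(major, minor)]
    return (major, minor) < fixes[-1][:2]

def triage_images(image_refs):
    """Map each image reference to True (affected) / False (fixed)."""
    return {ref: is_affected(version_from_image(ref)) for ref in image_refs}

if __name__ == "__main__":
    # Constructed sample image references; the registry path is hypothetical.
    sample = ["registry.example/gardener/apiserver:v1.117.3",
              "registry.example/gardener/controller-manager:v1.118.2",
              "registry.example/gardener/scheduler:v1.115.9"]
    for ref, affected in triage_images(sample).items():
        print(f"{'AFFECTED' if affected else 'fixed   '}  {ref}")
```

Feed it the image tags of the running Gardener control-plane deployments to get a per-component verdict rather than relying on a single "latest version" comparison.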
This discovery places immediate pressure on all organizations using Gardener for Kubernetes-as-a-Service operations to apply the security patches. The flaw fundamentally undermines the platform's security model by allowing tenant-level administrators to breach the isolation protecting the management infrastructure. Failure to update exposes the core orchestration layer to takeover, risking the integrity and confidentiality of all managed clusters across potentially hybrid and multi-cloud environments.