{"schema_version":"1.3.1","id":"GO-2025-3741","modified":"2025-06-09T18:14:36Z","published":"2025-06-09T18:14:36Z","aliases":["CVE-2025-48710","GHSA-7633-x85h-5mqh"],"summary":"kro Confused Deputy vulnerability in github.com/kro-run/kro","details":"kro Confused Deputy vulnerability in github.com/kro-run/kro","affected":[{"package":{"name":"github.com/kro-run/kro","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.2.1"}]}],"ecosystem_specific":{}}],"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-7633-x85h-5mqh"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48710"},{"type":"WEB","url":"https://github.com/kro-run/kro/compare/v0.2.1...v0.2.2"},{"type":"WEB","url":"https://orca.security/resources/blog/kubernetes-crd-abstraction-risks-kro"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2025-3741","review_status":"UNREVIEWED"}}