Appearance
MET-2025-002
Kubernetes C# client (CVE-2025-9708)
Skip to content
| Bulletin ID | MET-2025-002 |
|---|---|
| Date (published) | 2025-09-23T00:00:00.000Z |
| Date (last updated) | 2025-09-23T00:00:00.000Z |
| Severity | Informational |
Description
On Sep 16th, 2025, a vulnerability was published on Kubernetes C# client, where the library fails to properly validate server certificates when configured to use a custom CA, allowing network level attacker to perform a MitM attack if Kubernetes C# client is used over an untrusted network.
Affected Products/Services
Metaplay infrastructure and product are not affected by this vulnerability.
- MetaplaySDK does not use the Kubernetes C# client over an untrusted network.
Impact
None.
Solution
The vulnerable Kubernetes C# client can be updated to version 17.0.14 by applying the following patch. The patch has been tested to apply to MetaplaySDK versions 33 and 34. As the MetaplaySDK is not vulnerable, applying the patch is useful merely to silence any security scanner warnings.
MetaplaySDK/Backend/Cloud/Metaplay.Cloud.csproj
diff
- <PackageReference Include="KubernetesClient" Version="15.0.1" />
+ <PackageReference Include="KubernetesClient" Version="17.0.14" />CVE and CVSS Information
References
Contact Information
Security-related questions or concerns can be sent to security@metaplay.io.
Revision History
| Date | Description |
|---|---|
| 2025-09-23 | Security Bulletin released |