What is CVE-2023-5528?

A high-severity privilege escalation vulnerability has been identified in Kubernetes for Windows nodes. Immediate action is required to mitigate potential risks to admin privileges. Patch your systems promptly.

What is the severity of CVE-2023-5528?

CVE-2023-5528 has a severity rating of HIGH with a CVSS base score of 7.2.

CVE-2023-5528 | High Vulnerability in Kubernetes

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. This vulnerability has a CVSS score of 7.2, indicating a high severity level.

The potential risk to organizations includes unauthorized access to sensitive resources and the ability to perform administrative actions on Windows nodes. Given the nature of this vulnerability, it is crucial for organizations using Kubernetes to assess their exposure and take immediate steps to remediate.

As of now, there are no known exploits publicly available for this vulnerability. However, the exploitation potential is high, and organizations should prioritize patching immediately.

Organizations leveraging Kubernetes for Windows should ensure they are running versions that have been patched against this vulnerability. The urgency for defenders is underscored by the potential impact on confidentiality, integrity, and availability of their systems.

Vulnerability Details

The vulnerability identified as CVE-2023-5528 allows for privilege escalation in Kubernetes environments. The vulnerability affects versions of Kubernetes using in-tree storage plugins on Windows nodes. The CVSS score of 7.2 indicates a high severity, with high impacts on confidentiality, integrity, and availability.

The vulnerability was published on November 14, 2023. The underlying issue is classified under CWE-20, indicating improper input validation, which could lead to privilege escalation. Organizations must take steps to ensure their systems are not vulnerable.

Technical Analysis

The root cause of this vulnerability lies in insufficient input sanitization in the in-tree storage plugin for Windows nodes. Attackers with the ability to create pods and persistent volumes can exploit this flaw to escalate privileges.

The attack vector is network-based, and the complexity is low. It requires high privileges, meaning that an attacker must already have some level of access to the Kubernetes environment. No user interaction is necessary for exploitation.

The impacts of successful exploitation include high confidentiality, integrity, and availability risks, allowing attackers to control Windows nodes and access sensitive data.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to sensitive resources, potential data breaches, and disruption of services. The blast radius could be significant, especially for organizations that rely heavily on Kubernetes for their applications.

Given the high CVSS score and the potential exploitation, organizations should prioritize patching this vulnerability as part of their urgent remediation efforts. The exploitation may result in severe impacts on both operational integrity and organizational reputation.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

Affected versions of Kubernetes include all versions prior to vendor patch: 1.8.0 to 1.25.16 (exclusive), 1.26.0 to 1.26.11 (exclusive), 1.27.0 to 1.27.8 (exclusive), and 1.28.0 to 1.28.4 (exclusive).

Mitigation & Remediation

Organizations must ensure they are running the latest patched versions of Kubernetes. If a patch is unavailable, configuration hardening and network controls should be implemented. Regular monitoring and security assessments can help identify vulnerabilities.

For effective remediation, organizations should consider engaging in penetration testing to evaluate their security posture.

Detection Guidance

Organizations should monitor logs for unusual activity, especially from users with permissions to create pods and persistent volumes. Behavioral anomalies should be investigated promptly.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2023-5528 lies in its potential to expose critical infrastructure to unauthorized control. Security teams should learn from this incident to enhance their defensive strategies against privilege escalation vulnerabilities.

It is crucial for organizations to maintain vigilance and continuously assess their Kubernetes environments for security weaknesses. Adopting a penetration testing methodology can help identify and remediate such vulnerabilities effectively.

Furthermore, organizations should consider implementing a vulnerability management program to systematically address security risks.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-5528: High Vulnerability in Kubernetes