ThermaKube Master Allows Malicious Requests to Access Unintended Network Locations

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

ThermaKube Master Allows Malicious Requests to Access Unintended Network Locations

CVE-2025-70042

Summary

A security issue was found in the oslabs-beta version of ThermaKube's master component. This issue allows an attacker to trick the system into accessing unauthorized network locations, potentially leading to data breaches or other security risks. Users are advised to update to a patched version of ThermaKube to prevent this vulnerability.

Original title

An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.

Original description

An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.

Vulnerability type

CWE-918 Server-Side Request Forgery (SSRF)

https://gist.github.com/zcxlighthouse/5a6d15611456de619e4be36f7d2a0ee7
https://github.com/oslabs-beta
https://github.com/oslabs-beta/ThermaKube

Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026