
CVE-2025-2842: Exposure of Sensitive Information to an Unauthorized Actor

Medium
Tags: Vulnerability, CVE-2025-2842
Published: Wed Apr 02 2025 (04/02/2025, 11:09:55 UTC)
Source: CVE

Description

A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be exploited if a user has 'create' permissions on TempoStack and 'get' permissions on Secret in a namespace (for example, a user has ClusterAdmin permissions for a specific namespace), as the user can read the token of the Tempo service account and therefore has access to see all cluster metrics.

AI-Powered Analysis

Last updated: 09/07/2025, 00:46:35 UTC

Technical Analysis

CVE-2025-2842 is a medium-severity vulnerability affecting the Tempo Operator, a Kubernetes operator managing Tempo instances used for distributed tracing and monitoring. The vulnerability arises when the Jaeger UI Monitor Tab functionality is enabled within a Tempo instance managed by the Tempo Operator. Under these conditions, the Operator creates a ClusterRoleBinding that grants the cluster-monitoring-view ClusterRole to the Service Account of the Tempo instance. This role binding inadvertently exposes sensitive cluster metrics to unauthorized users. Specifically, if an attacker or user has 'create' permissions on TempoStack resources and 'get' permissions on Secrets within a namespace (for example, if they hold ClusterAdmin privileges scoped to that namespace), they can read the token associated with the Tempo service account. Possession of this token allows the attacker to impersonate the Tempo service account and access all cluster metrics that the cluster-monitoring-view role permits. The vulnerability does not require user interaction and can be exploited remotely (network vector) with low attack complexity but requires some privileges (partial privileges in the namespace). The impact is limited to confidentiality loss of cluster metrics, with no direct impact on integrity or availability. No known exploits are currently reported in the wild. The CVSS 3.1 base score is 4.3, reflecting a medium severity level. The vulnerability highlights a privilege escalation vector through misconfigured role bindings and token exposure within Kubernetes environments using Tempo Operator with Jaeger UI Monitor Tab enabled.

Potential Impact

For European organizations, this vulnerability could lead to unauthorized disclosure of sensitive cluster monitoring data, which may include performance metrics, system health information, and potentially sensitive operational details. Such information could be leveraged by attackers for reconnaissance, facilitating further attacks or lateral movement within the infrastructure. Organizations relying on Kubernetes clusters for critical applications, especially those using Tempo Operator for observability, are at risk. The exposure of cluster metrics could also violate compliance requirements related to data confidentiality and operational security, particularly in regulated sectors such as finance, healthcare, and critical infrastructure. While the vulnerability does not directly compromise data integrity or availability, the leaked information could aid attackers in crafting more targeted and effective attacks. Given the increasing adoption of Kubernetes and observability tools in European enterprises, this vulnerability poses a moderate risk that requires timely mitigation to prevent potential exploitation.

Mitigation Recommendations

To mitigate CVE-2025-2842, European organizations should:

1) Review and restrict permissions related to TempoStack resources and Secret access within namespaces, ensuring that only trusted users have 'create' permissions on TempoStack and 'get' permissions on Secrets.
2) Disable the Jaeger UI Monitor Tab functionality in Tempo instances if it is not essential, as this feature triggers the creation of the risky ClusterRoleBinding.
3) Audit existing ClusterRoleBindings and Service Account tokens associated with Tempo Operator to detect and remove any overly permissive bindings.
4) Implement strict RBAC policies that follow the principle of least privilege, limiting the scope of permissions granted to users and service accounts.
5) Monitor Kubernetes audit logs for unusual access patterns to Secrets and ClusterRoleBindings related to Tempo.
6) Stay updated with vendor patches or advisories addressing this vulnerability and apply them promptly once available.
7) Consider network segmentation and isolation of monitoring components to reduce the attack surface.

These steps go beyond generic advice by focusing on the specific permission sets and feature configurations that enable this vulnerability.
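As an added example for steps 1 and 3 (not part of the advisory and not Tempo Operator code), the script below audits the JSON that `kubectl get clusterrolebindings -o json` and `kubectl get roles -n <namespace> -o json` emit: it flags every ClusterRoleBinding that grants cluster-monitoring-view to a ServiceAccount, and every namespace Role whose rules combine 'create' on tempostacks with 'get' on secrets, the exact permission pair the advisory describes. The cluster data embedded here is constructed for the demonstration, and the TempoStack API group `tempo.grafana.com` is an assumption taken from the operator's CRD naming rather than from this page.

```python
"""Audit helper for the CVE-2025-2842 mitigation steps (added example, not
operator code). Consumes kubectl -o json output for ClusterRoleBindings and
namespaced Roles and reports the two conditions the advisory warns about."""
import json
import sys

RISKY_CLUSTER_ROLE = "cluster-monitoring-view"
# Assumption: the TempoStack CRD lives in this API group (not stated on the page).
TEMPO_API_GROUP = "tempo.grafana.com"


def find_monitoring_view_bindings(crb_list):
    """Return (binding name, 'namespace/serviceaccount') pairs for every
    ClusterRoleBinding that grants cluster-monitoring-view to a ServiceAccount."""
    hits = []
    for crb in crb_list.get("items", []):
        ref = crb.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != RISKY_CLUSTER_ROLE:
            continue
        for subj in crb.get("subjects") or []:
            if subj.get("kind") == "ServiceAccount":
                target = f"{subj.get('namespace')}/{subj.get('name')}"
                hits.append((crb["metadata"]["name"], target))
    return hits


def _rule_allows(rule, api_group, resource, verb):
    """True if a single PolicyRule grants verb on resource in api_group,
    treating '*' as a wildcard in each field (as the RBAC authorizer does)."""
    groups, resources, verbs = (rule.get(k, []) for k in ("apiGroups", "resources", "verbs"))
    return (("*" in groups or api_group in groups)
            and ("*" in resources or resource in resources)
            and ("*" in verbs or verb in verbs))


def roles_with_risky_pair(role_list):
    """Return 'namespace/name' for Roles that allow BOTH create on tempostacks
    and get on secrets; either permission alone is not flagged."""
    risky = []
    for role in role_list.get("items", []):
        rules = role.get("rules") or []
        can_create_stack = any(_rule_allows(r, TEMPO_API_GROUP, "tempostacks", "create") for r in rules)
        can_get_secret = any(_rule_allows(r, "", "secrets", "get") for r in rules)
        if can_create_stack and can_get_secret:
            meta = role["metadata"]
            risky.append(f"{meta.get('namespace')}/{meta['name']}")
    return risky


def audit_from_json(crb_text, roles_text):
    """Parse raw kubectl JSON text and return both findings in one dict."""
    return {
        "monitoring_view_bindings": find_monitoring_view_bindings(json.loads(crb_text)),
        "risky_roles": roles_with_risky_pair(json.loads(roles_text)),
    }


# Constructed sample data shaped like kubectl -o json output (not a real cluster).
SAMPLE_CRBS = {"items": [
    {"metadata": {"name": "tempo-simplest-cluster-monitoring-view"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-monitoring-view"},
     "subjects": [{"kind": "ServiceAccount", "name": "tempo-simplest", "namespace": "tracing"}]},
    {"metadata": {"name": "sre-metrics-readers"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-monitoring-view"},
     "subjects": [{"kind": "Group", "name": "sre-team"}]},          # human group, not flagged
    {"metadata": {"name": "default-view"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "tracing"}]},
]}
SAMPLE_ROLES = {"items": [
    {"metadata": {"name": "tracing-admin", "namespace": "tracing"},
     "rules": [{"apiGroups": [TEMPO_API_GROUP], "resources": ["tempostacks"], "verbs": ["create", "get"]},
               {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"metadata": {"name": "tracing-deployer", "namespace": "tracing"},      # create only, not flagged
     "rules": [{"apiGroups": [TEMPO_API_GROUP], "resources": ["tempostacks"], "verbs": ["create"]}]},
    {"metadata": {"name": "namespace-admin", "namespace": "tracing"},       # wildcards cover both
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
]}

if __name__ == "__main__":
    # Usage: python audit.py crbs.json roles.json   (falls back to the sample data)
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f, open(sys.argv[2]) as g:
            result = audit_from_json(f.read(), g.read())
    else:
        result = audit_from_json(json.dumps(SAMPLE_CRBS), json.dumps(SAMPLE_ROLES))
    for name, sa in result["monitoring_view_bindings"]:
        print(f"[CRB] {name} grants {RISKY_CLUSTER_ROLE} to ServiceAccount {sa}")
    for role in result["risky_roles"]:
        print(f"[Role] {role} allows create on tempostacks AND get on secrets")
```

A binding to the Tempo ServiceAccount is expected while the Monitor Tab is enabled, so the first list is a review queue rather than a verdict; the second list is the one to act on, since any subject bound to such a Role can reach the token the advisory describes. Wildcard rules are evaluated the same way the RBAC authorizer does, which is why a namespace-scoped admin Role is flagged even though it never names tempostacks or secrets explicitly.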


Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2025-03-27T02:38:55.497Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682f99000acd01a249270038

Added to database: 5/22/2025, 9:37:04 PM

Last enriched: 9/7/2025, 12:46:35 AM

Last updated: 9/24/2025, 7:51:48 AM

