CVE-2025-55205 is a critical security vulnerability identified in the Capsule project, a multi-tenancy and policy-based framework designed for Kubernetes environments. The vulnerability stems from incorrect authorization controls (CWE-863) in Capsule versions prior to 0.10.4. Specifically, authenticated tenant users can exploit a namespace label injection flaw to insert arbitrary labels into protected system namespaces such as kube-system, default, and capsule-system. These namespaces are intended to be isolated from tenant-level access to maintain strict multi-tenant boundaries. By injecting labels into these namespaces, attackers can bypass Capsule's multi-tenant isolation mechanisms and manipulate TenantResource selectors to gain unauthorized access to resources belonging to other tenants. This effectively breaks the fundamental security guarantees of Capsule, enabling privilege escalation within the Kubernetes cluster. The vulnerability requires the attacker to be an authenticated tenant user and involves user interaction (e.g., label injection actions). The CVSS v3.1 score of 9.1 reflects the critical nature of this flaw, with high impact on confidentiality, integrity, and availability, and a scope that affects the entire cluster due to the cross-tenant access it enables. Although no known exploits are currently reported in the wild, the potential for severe damage in multi-tenant Kubernetes environments is significant. The issue is resolved in Capsule version 0.10.4, where proper authorization checks prevent label injection into system namespaces.

For European organizations leveraging Kubernetes clusters with Capsule for multi-tenancy, this vulnerability poses a severe risk. Exploitation allows malicious tenant users to escalate privileges and access or manipulate resources across tenant boundaries, undermining data confidentiality and integrity. This can lead to unauthorized data exposure, service disruption, and potential lateral movement within the cluster. Organizations operating in regulated sectors such as finance, healthcare, and critical infrastructure could face compliance violations (e.g., GDPR) due to unauthorized data access. The availability of cluster services may also be impacted if attackers manipulate system namespaces or resources. Given the widespread adoption of Kubernetes and the increasing use of multi-tenant frameworks like Capsule in cloud-native deployments across Europe, this vulnerability could affect a broad range of enterprises, cloud providers, and managed service operators. The critical severity and ease of exploitation by authenticated users make timely remediation essential to prevent potential breaches and operational disruptions.

European organizations should immediately upgrade Capsule to version 0.10.4 or later to remediate this vulnerability. Until the upgrade is applied, organizations should enforce strict access controls to limit tenant user permissions and monitor for suspicious label injection activities in system namespaces. Implementing Kubernetes Role-Based Access Control (RBAC) policies that restrict label modifications on system namespaces can provide temporary mitigation. Additionally, auditing and logging of namespace label changes should be enabled to detect potential exploitation attempts. Organizations should also review their tenant onboarding and authentication processes to ensure only trusted users have access to Capsule-managed clusters. Regular vulnerability scanning and penetration testing focused on multi-tenant isolation controls can help identify similar authorization weaknesses. Finally, educating DevOps and security teams about the risks of namespace label injection and the importance of applying security patches promptly is critical.