
CVE-2025-58366: CWE-522: Insufficiently Protected Credentials in InseeFrLab onyxia

Severity: Critical
Published: Fri Sep 05 2025 (09/05/2025, 21:29:46 UTC)
Source: CVE Database V5
Vendor/Project: InseeFrLab
Product: onyxia

Description

Onyxia is a data science environment for Kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private Helm repositories in the public (unauthenticated) /public/catalogs endpoint. Only instances using private Helm repositories (i.e. setting username & password in the catalogs configuration) are affected. This is fixed in version 4.9.0.

AI-Powered Analysis

Last updated: 09/12/2025, 23:54:05 UTC

Technical Analysis

CVE-2025-58366 is a critical vulnerability affecting Onyxia, a data science environment designed for Kubernetes, developed by InseeFrLab. The vulnerability exists in versions 4.6.0 through 4.8.0 of Onyxia-API, where the /public/catalogs endpoint, which is publicly accessible without authentication, inadvertently exposes credentials for private Helm repositories. Specifically, when private Helm repositories are configured with usernames and passwords in the catalogs configuration, these sensitive credentials are leaked through this unauthenticated endpoint. This exposure allows any unauthenticated attacker to retrieve private repository credentials, potentially enabling unauthorized access to private Helm charts and related resources. The vulnerability is classified under CWE-522, indicating insufficiently protected credentials. The CVSS 4.0 score is 9.4 (critical), reflecting the high impact on confidentiality and integrity, ease of exploitation (network attack vector, no user interaction required), and the broad scope of affected systems using private Helm repositories. The vulnerability does not require prior authentication, making it highly exploitable remotely. The issue has been addressed in Onyxia version 4.9.0, where the credentials leak has been fixed. No known exploits in the wild have been reported yet, but the critical severity and nature of the vulnerability suggest a high risk if left unpatched.

Potential Impact

For European organizations utilizing Onyxia in their Kubernetes environments, especially those relying on private Helm repositories for managing internal or proprietary software packages, this vulnerability poses a significant risk. Exposure of private Helm repository credentials can lead to unauthorized access to sensitive software packages, enabling attackers to inject malicious code, disrupt software supply chains, or exfiltrate intellectual property. This can compromise the integrity and confidentiality of the software deployment pipeline and potentially lead to broader system compromise if malicious Helm charts are deployed. The public availability of the vulnerable endpoint means attackers can exploit this without any authentication, increasing the likelihood of exploitation. Organizations in sectors with high reliance on data science and Kubernetes orchestration, such as finance, healthcare, research institutions, and critical infrastructure, may face severe operational and reputational damage. Additionally, regulatory compliance risks arise due to potential data breaches involving sensitive credentials, which could trigger GDPR-related penalties.

Mitigation Recommendations

1. Upgrade Onyxia to version 4.9.0 or later, where the vulnerability is patched; this is the most effective mitigation.
2. Until the upgrade is applied, restrict access to the /public/catalogs endpoint via network-level controls such as firewalls or API gateways so that only trusted users can reach it.
3. Review and rotate all credentials for private Helm repositories that may have been exposed through the vulnerable endpoint, to prevent unauthorized access.
4. Implement strict access controls and monitoring on private Helm repositories to detect unauthorized access or anomalous activity.
5. Employ Kubernetes network policies to limit external access to Onyxia APIs and endpoints.
6. Audit all Onyxia deployments to identify instances using private Helm repositories and verify that they are updated or otherwise mitigated.
7. Educate DevOps and security teams about the risks of exposing sensitive credentials in publicly accessible endpoints and enforce secure configuration management practices.
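The following Python script is an added example for operators, not code from the Onyxia project or from the advisory. It shows the two checks a defender wants when triaging this class of issue: a scan of a /public/catalogs response body for credential-like fields (steps 2 and 6 above), and the redaction an API should apply to a catalog configuration before serving it unauthenticated (the 'after' of the fix, in spirit). The JSON shape of the sample response, the hypothetical catalog ids and URLs, and the extra key names beyond the username and password the advisory mentions are all assumptions; the real Onyxia schema is not on the page, which is why the scan walks any nested dict/list structure instead of relying on fixed paths.

```python
"""Operator-side check for credential leakage in a public catalogs endpoint.

Assumptions (not from the advisory): the /public/catalogs response is JSON of
unknown shape, so the scan walks any nested structure; key names other than
"username" and "password" are added here for defence in depth.
"""
import json
from typing import Any, Iterator

# Key names treated as credential material. "username" and "password" are the
# fields the advisory names; "token" and "secret" are assumed extras.
CREDENTIAL_KEYS = frozenset({"username", "password", "token", "secret"})


def find_exposed_credentials(obj: Any, path: str = "$") -> Iterator[tuple[str, str]]:
    """Yield (json_path, key) for every credential-like key holding a non-empty value."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}"
            if key.lower() in CREDENTIAL_KEYS and value not in (None, ""):
                yield child, key
            yield from find_exposed_credentials(value, child)
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            yield from find_exposed_credentials(item, f"{path}[{i}]")


def redact_credentials(obj: Any) -> Any:
    """Return a deep copy with credential-like keys dropped: the public view."""
    if isinstance(obj, dict):
        return {k: redact_credentials(v) for k, v in obj.items()
                if k.lower() not in CREDENTIAL_KEYS}
    if isinstance(obj, list):
        return [redact_credentials(v) for v in obj]
    return obj


def check_public_catalogs(body: str) -> list[str]:
    """Parse a response body and return the JSON paths of leaked credential fields."""
    return [path for path, _ in find_exposed_credentials(json.loads(body))]


def redacted_body(body: str) -> str:
    """Re-serialise a response body with credential fields removed."""
    return json.dumps(redact_credentials(json.loads(body)))


# Constructed sample response imitating an instance that configured a private
# Helm repository with username & password. Shape and values are made up.
SAMPLE_LEAKY_RESPONSE = json.dumps({
    "catalogs": [
        {"id": "public-charts",
         "location": "https://charts.example.invalid/public"},
        {"id": "internal-charts",
         "location": "https://charts.example.invalid/private",
         "username": "helm-reader",
         "password": "SAMPLE-NOT-A-REAL-SECRET"},
    ]
})


if __name__ == "__main__":
    print("leaked fields:", check_public_catalogs(SAMPLE_LEAKY_RESPONSE))
    print("after redaction:", check_public_catalogs(redacted_body(SAMPLE_LEAKY_RESPONSE)))
```

To use this against a real deployment, fetch the endpoint body with an unauthenticated client and pass it to `check_public_catalogs`; any non-empty result on a version in the affected range means the credentials in that path should be treated as compromised and rotated (step 3). The redaction function illustrates the general principle behind the fix: a public view of the catalog configuration should be produced by removing credential fields at serialisation time rather than by hoping no caller exposes them.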


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-08-29T16:19:59.012Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68bb594d535f4a97730f6c29

Added to database: 9/5/2025, 9:42:37 PM

Last enriched: 9/12/2025, 11:54:05 PM

Last updated: 10/21/2025, 12:41:05 AM


