CVE-2025-32777
EPSS 0.65%Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin in volcano.sh/volcano
Published: 4/30/2025Modified: 3/3/2026
Description
Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin in volcano.sh/volcano
Affected packages (2)
- Go/volcano.sh/volcanofrom 0, < 1.9.1
- Go/volcano.sh/volcanofrom 0, < 1.9.1, >= 1.10.0-alpha.0, < 1.10.2, >= 1.11.0-network-topology-preview.0, < 1.11.0-network-topology-preview.3, >= 1.11.0, < 1.11.2, >= 1.12.0-alpha.0, < 1.12.0-alpha.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H |
References (14)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-32777
- PATCHhttps://github.com/volcano-sh/volcano
- WEBhttps://github.com/volcano-sh/volcano/commit/45a4347471a5254121d10afef04c6732095fa398
- WEBhttps://github.com/volcano-sh/volcano/commit/7103c18de19821cd278f949fa24c13da350a8c5d
- WEBhttps://github.com/volcano-sh/volcano/commit/735842af59b9be0da5090677db7693c98a798b2a
- WEBhttps://github.com/volcano-sh/volcano/commit/7c0ea53fa3cfa7a05b5fba7a8af7bfe88adc41c3
- WEBhttps://github.com/volcano-sh/volcano/commit/d687f75a11fa36f37b54e4b6ff8e49bc0a3ca6b4
- WEBhttps://github.com/volcano-sh/volcano/releases/tag/v1.10.2
- WEBhttps://github.com/volcano-sh/volcano/releases/tag/v1.11.0-network-topology-preview.3
- WEBhttps://github.com/volcano-sh/volcano/releases/tag/v1.11.2
- WEBhttps://github.com/volcano-sh/volcano/releases/tag/v1.12.0-alpha.2
- WEBhttps://github.com/volcano-sh/volcano/releases/tag/v1.9.1
- WEBhttps://github.com/volcano-sh/volcano/security/advisories/GHSA-hg79-fw4p-25p8
- WEBhttps://pkg.go.dev/vuln/GO-2025-3656