CVE-2025-32777
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin in volcano.sh/volcano
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | volcano.sh/volcano | <1.9.1 | 1.9.1 |
| Go | volcano.sh/volcano | >=1.10.0-alpha.0,<1.10.2 | 1.10.2 |
| Go | volcano.sh/volcano | >=1.11.0-network-topology-preview.0,<1.11.0-network-topology-preview.3 | 1.11.0-network-topology-preview.3 |
| Go | volcano.sh/volcano | >=1.11.0,<1.11.2 | 1.11.2 |
| Go | volcano.sh/volcano | >=1.12.0-alpha.0,<1.12.0-alpha.2 | 1.12.0-alpha.2 |
References
- https://github.com/volcano-sh/volcano/security/advisories/GHSA-hg79-fw4p-25p8
- https://nvd.nist.gov/vuln/detail/CVE-2025-32777
- https://github.com/volcano-sh/volcano/commit/45a4347471a5254121d10afef04c6732095fa398
- https://github.com/volcano-sh/volcano/commit/7103c18de19821cd278f949fa24c13da350a8c5d
- https://github.com/volcano-sh/volcano/commit/735842af59b9be0da5090677db7693c98a798b2a
- https://github.com/volcano-sh/volcano/commit/7c0ea53fa3cfa7a05b5fba7a8af7bfe88adc41c3
- https://github.com/volcano-sh/volcano/commit/d687f75a11fa36f37b54e4b6ff8e49bc0a3ca6b4
- https://github.com/volcano-sh/volcano
- https://github.com/volcano-sh/volcano/releases/tag/v1.10.2
- https://github.com/volcano-sh/volcano/releases/tag/v1.11.0-network-topology-preview.3
- https://github.com/volcano-sh/volcano/releases/tag/v1.11.2
- https://github.com/volcano-sh/volcano/releases/tag/v1.12.0-alpha.2
- https://github.com/volcano-sh/volcano/releases/tag/v1.9.1
- https://pkg.go.dev/vuln/GO-2025-3656
Verify integrity in audit chain (admin only). AS-IS.