CVE-2021-25736: 
Red Hat Enterprise Linux CoreOS (RHCOS) vulnerability analysis and mitigation

CVE-2021-25736 affects the Windows version of kube-proxy in Kubernetes. The vulnerability was discovered in early 2021 and allows processes on a Windows node to potentially accept traffic intended for a LoadBalancer Service. The issue affects Kubernetes versions 1.18.0-1.18.17, 1.19.0-1.19.9, and 1.20.0-1.20.5, specifically impacting clusters running Windows nodes (Kubernetes Announce).

The vulnerability occurs when kube-proxy on Windows unintentionally forwards traffic to local processes listening on the same port ('spec.ports[*].port') as a LoadBalancer Service, specifically when the LoadBalancer controller does not set the 'status.loadBalancer.ingress[].ip' field. The vulnerability has been assigned a CVSS v3.1 base score of 6.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N (NVD Database).

When successfully exploited, this vulnerability could lead to the disclosure of sensitive information by allowing unauthorized access to services. The impact is limited to clusters where the LoadBalancer controller does not set the 'status.loadBalancer.ingress[].ip' field (Kubernetes Announce).

The vulnerability has been fixed in Kubernetes versions v1.21.0, v1.20.6, v1.19.10, and v1.18.18. Users running affected versions should upgrade to the fixed versions. No other mitigations are available for this vulnerability (Kubernetes Announce).