CVE-2025-61688: 
vulnerability analysis and mitigation

CVE-2025-61688 is a security vulnerability discovered in Omni, a software that manages Kubernetes on bare metal, virtual machines, or in cloud environments. The vulnerability was disclosed on October 13, 2025, affecting versions prior to 1.1.5 and 1.0.2. This security issue allows potential information leakage through an API endpoint (GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 8.6 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges or user interaction, has changed scope, and can result in high confidentiality impact without affecting integrity or availability (GitHub Advisory, NVD).

The vulnerability allows unauthorized access to sensitive information through an API endpoint. The high CVSS confidentiality impact rating indicates that the exposure of sensitive data could be substantial (GitHub Advisory).

The vulnerability has been patched in versions 1.1.5, 1.0.2, and 1.2.0. No workarounds are available, making it critical to upgrade to a patched version (GitHub Advisory).