
GHSA-w7wm-2425-7p2h
vulnerability analysis and mitigation

Overview

The vulnerability (GHSA-w7wm-2425-7p2h) affects MarbleRun versions prior to 1.7.0 and was published on February 4, 2025. This high-severity vulnerability allows unauthenticated recovery that enables Coordinator impersonation. During recovery, the Coordinator only checks that the supplied recovery key decrypts the sealed state; it does not check that the key is one of the recovery keys authorized in the manifest (GitHub Advisory).

Technical details

The vulnerability has a CVSS v3.1 base score of 7.1 (High), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N: network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, low confidentiality impact, high integrity impact and no availability impact. It is classified as CWE-285 (Improper Authorization). The root cause is that the Coordinator does not verify that the recovery key used matches one of the recovery keys defined in the manifest, so an attacker can craft a sealed state wrapped to a recovery key of their own and have a Coordinator instance recover from it (GitHub Advisory).
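The Go program below is an added illustration of the missing check, not MarbleRun's own code: the sealed-state layout, the cut-down Manifest type (only its RecoveryKeys section, modelled as key name to PEM public key) and the placeholder root secret are all assumptions made for the example. RecoverVulnerable accepts any key that decrypts the sealed state, which is the pre-1.7.0 behaviour the advisory describes; RecoverHardened additionally requires the key to be listed in the manifest's RecoveryKeys, so a state that carries the deployment's manifest but is wrapped to an attacker-generated key is refused, while the operator's listed key still recovers.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
)

// Manifest models only the RecoveryKeys section: key name -> PEM-encoded RSA public key.
type Manifest struct {
	RecoveryKeys map[string]string
}

// SealedState is an assumed, simplified layout (not MarbleRun's real format): the manifest
// travels with the state and a root secret (stand-in for root key material) is RSA-OAEP wrapped.
type SealedState struct {
	Manifest          Manifest
	WrappedRootSecret []byte
}

// Seal wraps rootSecret to recoveryPub. Anyone can do this with a public key of their own
// choosing; that is what crafting a sealed state with an unauthorized recovery key amounts to.
func Seal(m Manifest, rootSecret []byte, recoveryPub *rsa.PublicKey) *SealedState {
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recoveryPub, rootSecret, nil)
	if err != nil {
		panic(err) // demo helper: keep the example short
	}
	return &SealedState{Manifest: m, WrappedRootSecret: wrapped}
}

// unwrap answers the only question the pre-1.7.0 path asks: does the key decrypt the state?
func unwrap(ss *SealedState, priv *rsa.PrivateKey) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ss.WrappedRootSecret, nil)
}

// RecoverVulnerable mirrors the behaviour the advisory describes for versions before 1.7.0.
func RecoverVulnerable(ss *SealedState, priv *rsa.PrivateKey) ([]byte, error) {
	return unwrap(ss, priv)
}

// RecoverHardened first requires the key's public half to be listed in the manifest.
func RecoverHardened(ss *SealedState, priv *rsa.PrivateKey) ([]byte, error) {
	if !keyAuthorized(&ss.Manifest, priv) {
		return nil, errors.New("recovery key is not one of the manifest's RecoveryKeys")
	}
	return unwrap(ss, priv)
}

// keyAuthorized parses each RecoveryKeys entry and compares it with priv's public half.
func keyAuthorized(m *Manifest, priv *rsa.PrivateKey) bool {
	for _, pemKey := range m.RecoveryKeys {
		block, _ := pem.Decode([]byte(pemKey))
		if block == nil {
			continue
		}
		pub, err := x509.ParsePKIXPublicKey(block.Bytes)
		if err != nil {
			continue
		}
		if rsaPub, ok := pub.(*rsa.PublicKey); ok && rsaPub.Equal(&priv.PublicKey) {
			return true
		}
	}
	return false
}

// PublicKeyPEM renders a key the way a RecoveryKeys entry carries it.
func PublicKeyPEM(pub *rsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for an *rsa.PublicKey
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}))
}

func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// RecoveryResult records which recovery path accepts which key.
type RecoveryResult struct{ VulnerableAcceptsAttacker, HardenedAcceptsAttacker, HardenedAcceptsOperator bool }

// RecoveryDemo: the operator's key is the only RecoveryKeys entry; the attacker seals a state
// carrying that same manifest but wrapped to the attacker's own key (constructed scenario).
func RecoveryDemo() RecoveryResult {
	operator, attacker := mustKey(), mustKey()
	manifest := Manifest{RecoveryKeys: map[string]string{"recoveryKey1": PublicKeyPEM(&operator.PublicKey)}}
	rootSecret := []byte("constructed placeholder, not real key material")
	crafted := Seal(manifest, rootSecret, &attacker.PublicKey)
	legit := Seal(manifest, rootSecret, &operator.PublicKey)
	_, errVuln := RecoverVulnerable(crafted, attacker)
	_, errAtt := RecoverHardened(crafted, attacker)
	_, errOp := RecoverHardened(legit, operator)
	return RecoveryResult{errVuln == nil, errAtt == nil, errOp == nil}
}
```

The point of checking against the manifest rather than against decryptability alone is that the manifest is the artifact remote parties already verify; an attacker who wants to pass as the real deployment has to carry the real manifest, and the real manifest does not list the attacker's key.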

Impact

An attacker who recovers a Coordinator instance from such a crafted state and redirects network traffic from the legitimate Coordinator to it can impersonate the Coordinator towards any remote party that does not compare the Coordinator's root certificate against a trusted reference. The attacker can then present a manifest that does not match the actual deployment state. The vulnerability does not affect the secrets and state of legitimate Coordinator instances, the integrity of workloads, or certificates chaining back to the legitimate Coordinator's root certificate (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in MarbleRun version 1.7.0. As a workaround, connections that authenticate against a known Coordinator root certificate (such as those made by the marblerun manifest set CLI command) are not affected. Users should update to version 1.7.0; note that this update requires a manual recovery of the Coordinator, which needs the recovery private key(s) matching the recovery public key(s) defined in the manifest (GitHub Release).
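On the client side, the workaround amounts to pinning the Coordinator's root certificate. The Go program below is an added example, not MarbleRun's code or CLI: it generates two self-signed roots (constructed test material, one standing for the legitimate Coordinator and one for an impersonator that uses the same name but its own key), runs TLS handshakes over an in-memory pipe, and has the client trust only the pinned root and compare the verified chain's root byte-for-byte with that reference. The DNS name coordinator and the certificate subjects are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"net"
	"time"
)

// coordinatorName is the assumed DNS name clients use for the Coordinator.
const coordinatorName = "coordinator"

// makeRoot builds a self-signed root that doubles as the server certificate
// (constructed test material; a real Coordinator issues its own TLS certificates).
func makeRoot(cn string) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:              []string{coordinatorName},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, cert, nil
}

// ClientConfig trusts only the pinned root and, after chain validation, compares the
// chain's root byte-for-byte with the trusted reference.
func ClientConfig(pinned *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(pinned)
	return &tls.Config{
		ServerName: coordinatorName,
		RootCAs:    pool,
		MinVersion: tls.VersionTLS12,
		VerifyPeerCertificate: func(_ [][]byte, chains [][]*x509.Certificate) error {
			for _, chain := range chains {
				if bytes.Equal(chain[len(chain)-1].Raw, pinned.Raw) {
					return nil
				}
			}
			return errors.New("coordinator root certificate does not match the trusted reference")
		},
	}
}

// Handshake runs a client handshake over an in-memory pipe against a server that
// presents serverCert and returns the client's verdict.
func Handshake(serverCert tls.Certificate, pinned *x509.Certificate) error {
	clientConn, serverConn := net.Pipe()
	defer clientConn.Close()
	defer serverConn.Close()
	go func() {
		srv := tls.Server(serverConn, &tls.Config{Certificates: []tls.Certificate{serverCert}})
		_ = srv.Handshake() // errors out when the client rejects the certificate
	}()
	return tls.Client(clientConn, ClientConfig(pinned)).Handshake()
}

// PinningResult records whether each server passed the pinned-root check.
type PinningResult struct{ LegitimateAccepted, RogueAccepted bool }

// PinningDemo pins the legitimate root, then connects to the legitimate server and to
// an impersonator whose certificate chains to a different, attacker-held root.
func PinningDemo() (PinningResult, error) {
	legitTLS, legitRoot, err := makeRoot("MarbleRun Coordinator (constructed)")
	if err != nil {
		return PinningResult{}, err
	}
	rogueTLS, _, err := makeRoot("MarbleRun Coordinator (constructed)") // same name, other key
	if err != nil {
		return PinningResult{}, err
	}
	return PinningResult{
		LegitimateAccepted: Handshake(legitTLS, legitRoot) == nil,
		RogueAccepted:      Handshake(rogueTLS, legitRoot) == nil,
	}, nil
}
```

With only the pinned root in RootCAs, chain validation alone already rejects the impersonator; the explicit VerifyPeerCertificate comparison is what keeps the guarantee if the trust store ever contains more than that one root.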

This report was generated using AI.
