Alta Video — 1839: Vulnerability in kubelet checkpoint API could lead to denial of service

Release Date

12th September 2025.

Overview

There was a vulnerability in Kubernetes, which allowed an attacker to exhaust node disk space by sending numerous container checkpoint requests to the unauthenticated kubelet read-only HTTP endpoint. This could allow an attacker to mount a denial-of-service attack.

Affected Products

• Alta Video: before the 6th of August 2025.
• Alta Video Cloud: before the 6th of August 2025.

Unaffected Products

• Alta Video: from the 6th of August 2025.

• Avigilon Cloud-Native Cameras: all versions.

• Alta Video Cloud: from the 6th of August 2025

Resolution

This issue has been fixed in the Alta Video Beta and Stable channels since the 6th of August 2025. Alta Video customers do not need to take any additional action.

A fix was deployed to the Alta Video Cloud on  6th August 2025. Alta Video Cloud customers do not need to take any additional action.

Vulnerability Information

• CVE: CVE-2025-0426
• CVSSv3 score: 6.2 (Medium)
• CVSSv3 vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Mitigations

There are no known mitigations for this issue.

Work arounds

There are no known work arounds for this issue.

Acknowledgements

Issue reported by the Kubernetes team.

Disclosure Timeline

• 14/02/2025 Issue found
• 14/02/2025 Root cause established
• 14/02/2025 Fix identified
• 06/08/2025 Patched Alta Video Cloud released
• 06/08/2025 Patched Alta Video (Stable upgrade channel) released
• 12/09/2025 Vulnerability publicly disclosed