diff --git a/controlplane/kubeadm/internal/webhooks/kubeadm_control_plane.go b/controlplane/kubeadm/internal/webhooks/kubeadm_control_plane.go
index d848d4616bba..7237c49d3b54 100644
--- a/controlplane/kubeadm/internal/webhooks/kubeadm_control_plane.go
+++ b/controlplane/kubeadm/internal/webhooks/kubeadm_control_plane.go
@@ -620,6 +620,12 @@ func (webhook *KubeadmControlPlane) validateCoreDNSVersion(oldK, newK *controlpl
 	if toVersion.Equals(fromVersion) {
 		return allErrs
 	}
+
+	// Skip validating if the skip CoreDNS annotation is set. If set, KCP doesn't use the migration library.
+	if _, ok := newK.Annotations[controlplanev1.SkipCoreDNSAnnotation]; ok {
+		return allErrs
+	}
+
 	if err := migration.ValidUpMigration(fromVersion.String(), toVersion.String()); err != nil {
 		allErrs = append(
 			allErrs,
diff --git a/controlplane/kubeadm/internal/webhooks/kubeadm_control_plane_test.go b/controlplane/kubeadm/internal/webhooks/kubeadm_control_plane_test.go
index 9c62b22ad4e6..168b37d8d149 100644
--- a/controlplane/kubeadm/internal/webhooks/kubeadm_control_plane_test.go
+++ b/controlplane/kubeadm/internal/webhooks/kubeadm_control_plane_test.go
@@ -554,6 +554,17 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) {
 		},
 	}
 
+	validUnsupportedCoreDNSVersionWithSkipAnnotation := dns.DeepCopy()
+	validUnsupportedCoreDNSVersionWithSkipAnnotation.Spec.KubeadmConfigSpec.ClusterConfiguration.DNS = bootstrapv1.DNS{
+		ImageMeta: bootstrapv1.ImageMeta{
+			ImageRepository: "gcr.io/capi-test",
+			ImageTag:        "v99.99.99",
+		},
+	}
+	validUnsupportedCoreDNSVersionWithSkipAnnotation.Annotations = map[string]string{
+		controlplanev1.SkipCoreDNSAnnotation: "",
+	}
+
 	unsetCoreDNSToVersion := dns.DeepCopy()
 	unsetCoreDNSToVersion.Spec.KubeadmConfigSpec.ClusterConfiguration.DNS = bootstrapv1.DNS{
 		ImageMeta: bootstrapv1.ImageMeta{
@@ -860,6 +871,17 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) {
 			before: validUnsupportedCoreDNSVersion,
 			kcp:    validUnsupportedCoreDNSVersion,
 		},
+		{
+			name:      "should fail when upgrading to an unsupported version",
+			before:    dns,
+			kcp:       validUnsupportedCoreDNSVersion,
+			expectErr: true,
+		},
+		{
+			name:   "should succeed when upgrading to an unsupported version and KCP has skip annotation set",
+			before: dns,
+			kcp:    validUnsupportedCoreDNSVersionWithSkipAnnotation,
+		},
 		{
 			name:      "should fail when using an invalid DNS build",
 			expectErr: true,