7.5
CVE-2025-7342
- EPSS 0.07%
- Veröffentlicht 17.08.2025 23:03:56
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle jordan@liggitt.net
- CVE-Watchlists
- Unerledigt
VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project and the vulnerability was exploited during the build process, which requires an attacker to access the build VM and modify the image while the build is in progress.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerKubernetes
≫
Produkt
Image Builder
Default Statusunaffected
Version <=
0.1.44
Version
0
Status
affected
Version
0.1.45
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.202 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| jordan@liggitt.net | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.