CVE-2025-7342

EPSS 0.05%
Veröffentlicht 17.08.2025 23:03:56
Zuletzt bearbeitet 20.08.2025 01:15:31
Quelle jordan@liggitt.net
Teams Watchlist Login
Unerledigt Login

A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project and the vulnerability was exploited during the build process, which requires an attacker to access the build VM and modify the image while the build is in progress.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerKubernetes

≫

Produkt Image Builder

Default Statusunaffected

Version <= 0.1.44

Version 0

Status affected

Version 0.1.45

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.132

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
jordan@liggitt.net	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://groups.google.com/g/kubernetes-security-announce/c/tuEsLUQu_PA

https://github.com/kubernetes/kubernetes/issues/133115

https://nvd.nist.gov/vuln/detail/CVE-2025-7342

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-7342

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-7342

EUVD