CVE-2025-7342
BaseFortify
Publication date: 2025-08-17
Last updated on: 2025-11-04
Assigner: Kubernetes
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kubernetes | image_builder | 0.1.44 |
| vmware | ova | * |
| kubernetes | image_builder | 0.1.45 |
| nutanix | ova | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Kubernetes Image Builder where default credentials are enabled during the image build process. Specifically, virtual machine images built using the Nutanix or OVA provider do not disable these default credentials. As a result, nodes using these images may be accessed using these default credentials, potentially allowing an attacker to gain root access.
How can this vulnerability impact me?
If your Kubernetes cluster has Windows nodes that use VM images created via the Image Builder project with the Nutanix or OVA provider, an attacker could use the default credentials to gain root access to those nodes. This could lead to full control over the affected nodes, compromising confidentiality, integrity, and availability of your systems.