Hello Kubernetes Community, A security issue was discovered in Kubernetes where an unauthorized user may be able to ssh/RDP/WINRM to a Windows node VM which uses a VM image built with the Kubernetes Image Builder project ( https://github.com/kubernetes-sigs/image-builder).
For Windows images built with Nutanix, OVA, this issue has been rated High ( https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H )(8.1) Am I vulnerable? Clusters using virtual machine images built with Kubernetes Image Builder ( https://github.com/kubernetes-sigs/image-builder) version v0.1.44 or earlier are affected. CVE-2025-7342: VMs using Windows images built with Nutanix, OVA were confirmed vulnerable. VMs using images built with all other providers are not affected. Affected Versions Kubernetes Image Builder versions <= v0.1.44 To determine the version of Image Builder you are using, use one of the following methods: * For git clones of the image builder repository: cd <local path to image builder repo> make version * For installations using a tarball download: cd <local path to install location> grep -o v0\\.[0-9.]* RELEASE.md | head -1 * For a container image release: docker run --rm <image pull spec> version or podman run --rm <image pull spec> version or look at the image tag specified, in the case of an official image such as registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.44 How do I mitigate this vulnerability? Rebuild any affected images using a fixed version of Image Builder. Re-deploy the fixed images to any affected VMs or use image-builder v0.1.41 (February 2025) or later, and set the `admin_password` JSON variable. Prior to upgrading, this vulnerability can be mitigated by changing the password of the Administrator account on affected VMs: `net user Administrator <new-password>` Fixed Versions Kubernetes Image Builder versions >= v0.1.45 Detection `Get-LocalUser -Name Administrator | Select-Object Name,Enabled,SID,Lastlogon | Format-List` If you find evidence that this vulnerability has been exploited, please contact secur...@kubernetes.io Additional Details See the GitHub issues for more details: https://github.com/kubernetes/kubernetes/issues/133115 Acknowledgements This vulnerability was reported by Abdel Adim Oisfi, Davide Silvetti, Nicolò Daprelà, Paolo Cavaglià, Pietro Tirenna from Shielder. The issue was fixed and coordinated by Matt Boersma of the Image Builder project. Thank You, Rita Zhang on behalf of the Kubernetes Security Response Committee
