CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters...

7.5CVSS6.5AI score0.00336EPSS

Exploits0References1

OSV•added 2025/08/17 11:15 p.m.•3 views

CVE-2025-7342

7.5CVSS5.8AI score0.00336EPSS

Exploits0References3

NVD•added 2025/08/17 11:15 p.m.•6 views

CVE-2025-7342

7.5CVSS0.00336EPSS

Exploits0References3

CVE•added 2025/08/17 11:3 p.m.•32 views

CVE-2025-7342

CVE-2025-7342 affects the Kubernetes Image Builder when using Nutanix or VMware OVA providers. During Windows image builds, default credentials are enabled, allowing root access. The credentials are disabled after the build. Affected clusters are those that use VM images created via the Image Bui...

7.5CVSS6.5AI score0.00336EPSS

Exploits0References3

Cvelist•added 2025/08/17 11:3 p.m.•10 views

CVE-2025-7342 VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override

7.5CVSS0.00336EPSS

Exploits0References2

Vulnrichment•added 2025/08/17 11:3 p.m.•5 views

CVE-2025-7342 VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override

7.5CVSS6.5AI score0.00336EPSS

Exploits0References2

BDU FSTEC•added 2025/07/23 12:0 a.m.•2 views

The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.

The vulnerability of the Kubernetes Image Builder software lies in the use of strictly encrypted credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine remotely...

8.1CVSS5.4AI score0.00336EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2025/07/22 12:0 a.m.•4 views

PT-2025-30382 · Nutanix +1 · Kubernetes Image Builder Nutanix +1

Name of the Vulnerable Software and Affected Versions: Kubernetes Image Builder Nutanix affected versions not specified OVA providers affected versions not specified Description: VM images built with Kubernetes Image Builder Nutanix or OVA providers may use default credentials for Windows images ...

7.6CVSS6.4AI score0.00336EPSS

Exploits0References17

SUSE CVE•added 2024/11/02 4:2 a.m.•3 views

SUSE CVE-2024-9486

A security issue was discovered in the Kubernetes Image Builder versions = v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be...

9.8CVSS7.2AI score0.02223EPSS

Exploits0References5

Veracode•added 2024/10/25 7:12 a.m.•5 views

Unauthorized Root Access

github.com/kubernetes-sigs/image-builder is vulnerable to Unauthorized Root Access. The vulnerability is due to default credentials being enabled during the image build process with the Nutanix, OVA, QEMU, or raw providers, which allows an attacker to gain root access if they reach the VM where t...

8.1CVSS6.9AI score0.01641EPSS

Exploits0References6Affected Software1

BDU FSTEC•added 2024/10/18 12:0 a.m.•1 views

The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.

The vulnerability of the Kubernetes Image Builder software relates to the use of strictly encrypted credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine via SSH connection and elevate their privileges to root level...

6.5CVSS7.2AI score0.01641EPSS

Exploits0References4Affected Software1

BDU FSTEC•added 2024/10/17 12:0 a.m.•3 views

The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.

10CVSS7.3AI score0.02223EPSS

Exploits0References4Affected Software1

Github Security Blog•added 2024/10/15 9:30 p.m.•15 views

VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder

A security issue was discovered in the Kubernetes Image Builder versions = v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusi...

8.1CVSS7.2AI score0.01641EPSS

Exploits0References5Affected Software1

OSV•added 2024/10/15 9:15 p.m.•0 views

UBUNTU-CVE-2024-9594

8.1CVSS7.1AI score0.01641EPSS

Exploits0References5

OSV•added 2024/10/15 9:15 p.m.•3 views

UBUNTU-CVE-2024-9486

9.8CVSS5.7AI score0.02223EPSS

Exploits0References5

Vulnrichment•added 2024/10/15 8:37 p.m.•19 views

CVE-2024-9594 VM images built with Image Builder with some providers use default credentials during builds