Notice of Kubernetes Security Vulnerability (CVE-2025-7342)
The Kubernetes Security Response Committee discovered a security vulnerability (CVE-2025-7342) in the Kubernetes Image Builder. This vulnerability may allow attackers to obtain root access to VMs.
Description
Type | CVE-ID | Severity | Discovered
---|---|---|---
Container escape | CVE-2025-7342 | High | 2025-07-21
Impact
The default SSH username and password (the builder user) are enabled in images built using Kubernetes Image Builder. This may allow attackers to gain root access to the VM. CCE node images are not built using the Kubernetes Image Builder, so such nodes are not affected by this vulnerability.
Identification Method
Use either of the following ways to check the Image Builder version in use:
- If the Image Builder was cloned from the official repository using Git, run the following command to check its version:
  cd <local-Image-Builder-repository-path>
  make version
- If the Image Builder was downloaded and installed using a tarball, run the following command to check its version:
  cd <local-installation-path>
  grep -o 'v0\.[0-9.]*' RELEASE.md | head -1
- If the Image Builder was deployed using a container image, for example, the official image registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.44, check the image tag to determine the version.
Solution
Avoid using Kubernetes Image Builder v0.1.44 or earlier to create any private node images. This vulnerability does not impact CCE public images.
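To apply the v0.1.44 threshold to the version strings and image tags gathered in the identification steps, the following script compares them numerically. It is an added example, not part of the original notice or the Image Builder project; the function names and all sample inputs except the registry.k8s.io reference are assumptions.

```shell
#!/bin/sh
# Added example (not from the notice): flag Image Builder versions in the
# range the Solution section names, v0.1.44 or earlier.
AFFECTED_MAX="0.1.44"

# Print "X.Y.Z" for a bare version ("v0.1.44") or a tagged image reference.
# Prints nothing when no three-part version can be found.
extract_version() {
    ref=${1%%@*}        # drop an @sha256:... digest suffix, if any
    last=${ref##*/}     # last path component, so a registry port is not read as a tag
    tag=${last##*:}     # text after the tag colon (or the whole string if none)
    printf '%s\n' "$tag" |
        sed -n 's/^v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)$/\1/p'
}

# Exit status: 0 = affected (<= AFFECTED_MAX), 1 = newer, 2 = version unknown.
# The body is a subshell so the IFS change does not leak to the caller.
is_affected() (
    ver=$(extract_version "$1")
    [ -n "$ver" ] || exit 2
    IFS=.
    set -- $ver $AFFECTED_MAX    # $1-$3: version fields, $4-$6: threshold fields
    if   [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]
    elif [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]
    else [ "$3" -le "$6" ]
    fi
)

# Constructed sample inputs; only the registry.k8s.io reference is from the notice.
for sample in \
    v0.1.44 v0.1.9 v0.2.0 \
    registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.44 \
    registry.example.com:5000/image-builder:latest
do
    rc=0; is_affected "$sample" || rc=$?
    case $rc in
        0) echo "AFFECTED  $sample" ;;
        1) echo "ok        $sample" ;;
        *) echo "UNKNOWN   $sample (pin a version tag and re-check)" ;;
    esac
done
```

Fields are compared as integers, so v0.1.9 is correctly treated as older than v0.1.44, and an untagged or `latest` reference is reported as unknown rather than passing silently.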
Helpful Links
Related community issue: https://github.com/kubernetes/kubernetes/issues/133115