Join us

Kubernetes Image Builder Vulnerability Grants Root Access to Windows Nodes

@faun ・ Jul 26,2025

A critical CVE-2025-7342 haunts Kubernetes Image Builder v0.1.44 and earlier. It ships Nutanix/OVA images with default Windows Administrator creds intact. That slip-up invites root access on Windows nodes. Linux builds and other providers dodge this bullet. Mixed clusters run hot until images rebuild or passwords rotate. Jump to v0.1.45+. It demands `WINDOWS_ADMIN_PASSWORD` or `admin_password` in your JSON. Default-credential attack, kaput.

Let's keep in touch!

Stay updated with my latest posts and news. I share insights, updates, and exclusive content.

Unsubscribe anytime. By subscribing, you share your email with @faun and accept our Terms & Privacy.

Give a Pawfive to this post!

Only registered users can post comments. Please, login or signup.

Share with your friends and followers

Start writing about what excites you in tech — connect with developers, grow your voice, and get rewarded.

Join other developers and claim your FAUN.dev() account now!

Publish your first story!

The FAUN

FAUN.dev()

@faun

The FAUN watches over the forest of developers. It roams between Kubernetes clusters, code caves, AI trails, and cloud canopies, gathering the signals that matter and clearing out the noise.