Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API

GHSA-vv39-3w5q-974q · CVE-2024-9042 · GO-2025-3522

Published Mar 13, 2025 · Modified Feb 4, 2026

Description

A security vulnerability has been discovered in Kubernetes windows nodes that could allow a user with the ability to query a node's '/logs' endpoint to execute arbitrary commands on the host. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-9042
WEB https://github.com/kubernetes/kubernetes/issues/129654
WEB https://github.com/kubernetes/kubernetes/commit/45f4ccc2153bbb782253704cbe24c05e22b5d60c
WEB https://github.com/kubernetes/kubernetes/commit/5fe148234f8ab1184f26069c4f7bef6c37efe347
WEB https://github.com/kubernetes/kubernetes/commit/75c83a6871dc030675288c6d63c275a43c2f0d55
WEB https://github.com/kubernetes/kubernetes/commit/fb0187c2bf7061258bb89891edb1237261eb7abc
PACKAGE https://github.com/kubernetes/kubernetes
WEB https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg
WEB http://www.openwall.com/lists/oss-security/2025/01/16/1

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes