Vulnerability Reportprom/node-exporter:v1.9.0

prom/node-exporter:v1.9.0

DIGESTsha256:c99d7ee4d12a38661788f60d9eca493f08584e2e544bbd3b3fca64749f86b848

Executive Summary

Threat ScoreNEEDS ATTENTION• One exposed vulnerability CVE-2025-68121 with severity 6.8 affecting TLS session resumption (requires non-default TLS config)• 32 total exposed vulnerabilities, but only one above severity 6• 18 post-exploit vulnerabilities, all with low severity (max 2.29)• Image is popular (3941M+ pulls) and publisher is reliable• No post-exploit findings with severity >= 7.0

25/100NEEDS ATTENTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (3941M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The primary concern is CVE-2025-68121, a medium-severity issue in crypto/tls that could allow authentication bypass during TLS session resumption if the server uses non-default TLS configuration. However, node_exporter typically does not enable TLS by default, and the vulnerability requires specific mutations to the TLS Config, which lowers the practical risk. All 18 post-exploit vulnerabilities are low severity and pose minimal threat. Patching the image to the latest version would eliminate the medium-severity finding.

Vulnerabilities

Vulnerability Log

50 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-68121	MEDIUM6.8	stdlib v1.23.6 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-61727	MEDIUM5.52	stdlib v1.23.6 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.23.6 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.23.6 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.23.6 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22871	MEDIUM4.59	stdlib v1.23.6 fixed in 1.23.8, 1.24.2	0.7% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.23.6 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.23.6 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-47914	MEDIUM4.5	golang.org/x/crypto v0.32.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58181	MEDIUM4.5	golang.org/x/crypto v0.32.0 fixed in 0.45.0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-22873	MEDIUM4.5	stdlib v1.23.6 fixed in 1.23.9, 1.24.3	0.2% Theoretical Threat	Directly Exposed
CVE-2025-47912	MEDIUM4.5	stdlib v1.23.6 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58185	MEDIUM4.5	stdlib v1.23.6 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58187	MEDIUM4.5	stdlib v1.23.6 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58188	MEDIUM4.5	stdlib v1.23.6 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58189	MEDIUM4.5	stdlib v1.23.6 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61723	MEDIUM4.5	stdlib v1.23.6 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61724	MEDIUM4.5	stdlib v1.23.6 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61725	MEDIUM4.5	stdlib v1.23.6 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.23.6 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58186	MEDIUM4.5	stdlib v1.23.6 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61726	LOW3.83	stdlib v1.23.6 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	golang.org/x/net v0.33.0 fixed in 0.36.0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	stdlib v1.23.6 fixed in 1.23.7, 1.24.1	0.4% Theoretical Threat	Directly Exposed
CVE-2025-52881	LOW2.29	github.com/opencontainers/selinux v1.11.1 fixed in 1.13.0	0.5% Theoretical Threat	Post-Exploit
CVE-2025-22869	LOW2.29	golang.org/x/crypto v0.32.0 fixed in 0.35.0	0.9% Theoretical Threat	Post-Exploit
CVE-2025-22868	LOW2.29	golang.org/x/oauth2 v0.24.0 fixed in 0.27.0	0.8% Theoretical Threat	Post-Exploit
CVE-2025-61729	LOW2.29	stdlib v1.23.6 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Post-Exploit
CVE-2026-25679	LOW2.29	stdlib v1.23.6 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Post-Exploit
CVE-2026-32280	LOW2.29	stdlib v1.23.6 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Post-Exploit
CVE-2026-32281	LOW2.29	stdlib v1.23.6 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-32283	LOW2.29	stdlib v1.23.6 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Post-Exploit
CVE-2026-33811	LOW2.29	stdlib v1.23.6 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-33814	LOW2.29	stdlib v1.23.6 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-39820	LOW2.29	stdlib v1.23.6 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.23.6 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2025-58183	LOW2.29	stdlib v1.23.6 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Post-Exploit
CVE-2025-61728	LOW2.29	stdlib v1.23.6 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Post-Exploit
CVE-2025-47907	LOW2.14	stdlib v1.23.6 fixed in 1.23.12, 1.24.6	0.3% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.23.6 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2025-4673	LOW2.08	stdlib v1.23.6 fixed in 1.23.10, 1.24.4	0.6% Theoretical Threat	Post-Exploit
CVE-2025-22872	LOW1.99	golang.org/x/net v0.33.0 fixed in 0.38.0	0.4% Theoretical Threat	Post-Exploit
CVE-2025-47906	LOW1.99	stdlib v1.23.6 fixed in 1.23.12, 1.24.6	0.5% Theoretical Threat	Post-Exploit
CVE-2026-39823	NONE0	stdlib v1.23.6 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.23.6 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.23.6 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.23.6 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2025-0913	NONE0	stdlib v1.23.6 fixed in 1.23.10, 1.24.4	0.2% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.23.6 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.23.6 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable