Vulnerability Reportprom/node-exporter:v1.9.1

prom/node-exporter:v1.9.1
DIGESTsha256:d00a542e409ee618a4edc67da14dd48c5da66726bbd5537ab2af9c1dfc442c8a

Executive Summary

NEEDS_ATTENTION

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The most notable exposures are two denial-of-service vulnerabilities (CVE-2025-61726, CVE-2026-25679) in Go's net/url library, which are easily reachable via the node-exporter HTTP server and could lead to memory exhaustion or resource exhaustion. A certificate validation bypass (CVE-2025-68121) exists but only applies if the TLS configuration is mutated between handshakes—a non-default pattern. Upgrading the Go version in the base image would fully resolve these vulnerabilities.

Threat Score
25/100
NEEDS_ATTENTION
Reputation
RELIABLE
prom

Vulnerabilities

Vulnerability Log

46 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2025-68121MEDIUM6.8
stdlib
v1.23.7
fixed in 1.24.13, 1.25.7, 1.26.0-rc.3
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-61726MEDIUM6.38
stdlib
v1.23.7
fixed in 1.24.12, 1.25.6
0.8%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-25679MEDIUM6.38
stdlib
v1.23.7
fixed in 1.25.8, 1.26.1
0.5%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-32282MEDIUM5.44
stdlib
v1.23.7
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-61729MEDIUM5.1
stdlib
v1.23.7
fixed in 1.24.11, 1.25.5
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-32280MEDIUM5.1
stdlib
v1.23.7
fixed in 1.25.9, 1.26.2
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-32281MEDIUM5.1
stdlib
v1.23.7
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-32283MEDIUM5.1
stdlib
v1.23.7
fixed in 1.25.9, 1.26.2
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-33814MEDIUM5.1
stdlib
v1.23.7
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-32288MEDIUM4.67
stdlib
v1.23.7
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-22871MEDIUM4.59
stdlib
v1.23.7
fixed in 1.23.8, 1.24.2
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-27142MEDIUM4.59
stdlib
v1.23.7
fixed in 1.25.8, 1.26.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39826MEDIUM4.59
stdlib
v1.23.7
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-47914MEDIUM4.5
golang.org/x/crypto
v0.36.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58181MEDIUM4.5
golang.org/x/crypto
v0.36.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-22873MEDIUM4.5
stdlib
v1.23.7
fixed in 1.23.9, 1.24.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47912MEDIUM4.5
stdlib
v1.23.7
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58185MEDIUM4.5
stdlib
v1.23.7
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58187MEDIUM4.5
stdlib
v1.23.7
fixed in 1.24.9, 1.25.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58188MEDIUM4.5
stdlib
v1.23.7
fixed in 1.24.8, 1.25.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-58189MEDIUM4.5
stdlib
v1.23.7
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61723MEDIUM4.5
stdlib
v1.23.7
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61724MEDIUM4.5
stdlib
v1.23.7
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61725MEDIUM4.5
stdlib
v1.23.7
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61730MEDIUM4.5
stdlib
v1.23.7
fixed in 1.24.12, 1.25.6
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-58186MEDIUM4.5
stdlib
v1.23.7
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61727MEDIUM4.42
stdlib
v1.23.7
fixed in 1.24.11, 1.25.5
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-52881LOW2.29
github.com/opencontainers/selinux
v1.11.1
fixed in 1.13.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-33811LOW2.29
stdlib
v1.23.7
fixed in 1.25.10, 1.26.3
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-39820LOW2.29
stdlib
v1.23.7
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-39836LOW2.29
stdlib
v1.23.7
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-58183LOW2.29
stdlib
v1.23.7
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-61728LOW2.29
stdlib
v1.23.7
fixed in 1.24.12, 1.25.6
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-47907LOW2.14
stdlib
v1.23.7
fixed in 1.23.12, 1.24.6
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-27139LOW2.12
stdlib
v1.23.7
fixed in 1.25.8, 1.26.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-4673LOW2.08
stdlib
v1.23.7
fixed in 1.23.10, 1.24.4
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-22872LOW1.99
golang.org/x/net
v0.37.0
fixed in 0.38.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-47906LOW1.99
stdlib
v1.23.7
fixed in 1.23.12, 1.24.6
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-32289LOW1.87
stdlib
v1.23.7
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-39823NONE0
stdlib
v1.23.7
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Not Applicable
CVE-2026-39825NONE0
stdlib
v1.23.7
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Not Applicable
CVE-2026-42499NONE0
stdlib
v1.23.7
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Not Applicable
CVE-2026-42504NONE0
stdlib
v1.23.7
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Not Applicable
CVE-2025-0913NONE0
stdlib
v1.23.7
fixed in 1.23.10, 1.24.4
0.2%
Theoretical Threat
Not Applicable
CVE-2026-27145NONE0
stdlib
v1.23.7
fixed in 1.25.11, 1.26.4
0.3%
Theoretical Threat
Not Applicable
CVE-2026-42507NONE0
stdlib
v1.23.7
fixed in 1.25.11, 1.26.4
0.3%
Theoretical Threat
Not Applicable