Kubernetes v1.33.4-0 and v1.32.8-0: Security Fixes and Component Updates

We’re excited to announce the release of two new Kubernetes versions in Thalassa Cloud: v1.33.4-0 and v1.32.8-0. These releases bring security fixes, component updates, and enhanced stability for your Kubernetes workloads.

Security Fixes

Both releases address a medium security vulnerability:

• CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference
  A vulnerability exists in the NodeRestriction admission controller where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection. By default, node users are authorized for create and patch requests but not delete requests against their node object. Since the NodeRestriction admission controller does not prevent patching OwnerReferences, a compromised node could leverage this vulnerability to delete and then recreate its node object with modified taints or labels.

Kubernetes Security Announcement

[Security Advisory] CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference.

What’s New in v1.33.4-0

Our latest Kubernetes release contains the following component updates:

• Kubernetes: Upgraded to 1.33.4
• containerd: Upgraded to 2.1.4
• Cilium: Upgraded to 1.17.6
• Cloud Controller Manager: Upgraded to 0.8.0
• CSI Plugin: Upgraded to 0.3.2

Read more in the Kubernetes changelog.

What’s New in v1.32.8-0

For users on the v1.32.x track, we’ve released v1.32.8-0 with:

• Kubernetes: Upgraded to 1.32.8
• containerd: Upgraded to 1.7.28
• Cilium: Upgraded to 1.17.6
• Cloud Controller Manager: Upgraded to 0.8.0
• CSI Plugin: Upgraded to 0.3.2

Read more in the Kubernetes changelog

Automatic Upgrades

These releases are now available for new cluster deployments. Existing clusters will be automatically upgraded according to your scheduled upgrade configuration. If you do not have a maintenance schedule configured for your Kubernetes cluster, you can now start the upgrade through the Console, API or Terraform.